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Preface 


Mathematical logic and automata theory are two scientific disciplines with 
a Close relationship that is not only fundamental for many theoretical re- 
sults but also forms the basis of a coherent methodology for the verification 
and synthesis of computing systems. Although both automata theory and 
mathematical logic look back to a much longer history, they have come to- 
gether in the 1960s through the fundamental work of Biichi, Elgot, Rabin 
and others who showed the expressive equivalence of automata with logi- 
cal systems such as monadic second-order logic on finite and infinite words 
and trees. This allowed the handling of specifications (where global system 
properties are stated) and implementations (which involve the definition of 
the local steps in order to satisfy the global goals laid out in the specifica- 
tion) in a single framework. Moreover this framework offered algorithmic 
procedures for essential questions such as the consistency of the specifica- 
tions or the correctness of implementations. Through the methodology of 
model-checking the connection between automata theory and logic has in- 
deed become the basis of efficient verification methods with industrial scale 
applications. 

Wolfgang Thomas is one of the leading scientists in logic and automata 
theory. He has shaped this scientific area, not only through many deep 
and beautiful results, but also through his ability to bring together different 
research threads, to provide a convincing synthesis of them, and to point 
out new and promising directions. For a whole generation of scientists in 
the field, including most of the collaborators of this volume, his tutorials 
and surveys on automata theory, language theory and logic, his activities 
as a teacher, and his lucid contributions at conferences and in informal dis- 
cussions, have been extremely influential. We now take the occasion of the 
60th birthday of Wolfgang Thomas to present a tour d’horizon on automata 
theory and logic. The twenty papers assembled in this volume, written by 
experts of the respective area upon invitation by the editors, cover many 
different facets of logic and automata theory. They emphasize the connec- 
tions of automata theory and logic to other disciplines such as complexity 
theory, games, algorithms, and semigroup theory and stress their impor- 
tance for modern applications in computer science such as the synthesis 
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and verification of reactive systems. The volume puts modern scientific de- 
velopments into a historical perspective, and shows how they are rooted in 
more than forty years of automata theory and mathematical logic. Perhaps 
even more importantly, the authors present and discuss current perspectives 
of automata and logic based methodologies in different areas of computer 
science. 


The cover picture of this volume is taken from an old paper by the Nor- 
wegian mathematician Axel Thue (1863-1922)! which is historically quite 
remarkable. While Thue’s work on word rewriting and combinatorics of 
words has been widely acknowledged, and notions such as Thue systems or 
Thue-Morse sequences are familiar to most computer scientists, it had gone 
unnoticed for a long time that Thue also, in the above mentioned paper, 
introduced the concept of trees into logic, and was apparently the first to 
discuss problems such as tree rewriting and the word problem for tree identi- 
ties, and to use notions such as the Church-Rosser property, confluence, and 
termination. Only recently, Magnus Steinby and Wolfgang Thomas brought 
Thue’s 1910 paper again to the attention of the scientific community and 
pointed out its historical importance.” 


Freiburg, Aachen & Kiel J.F. E.G. T.W. 


1 Axel Thue, Die Lösung eines Spezialfalles eines generellen logischen Problems, Kra. Vi- 
densk. Selsk. Skrifter. I. Mat.-Nat. K1., Christiana 1910, Nr. 8. 

2 M. Steinby and W. Thomas. Trees and term rewriting in 1910: On a paper by Axel 
Thue. Bulletin of the European Association for Theoretical Computer Science, 72:256- 
269, 2000. 
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Abstract 

The article surveys recent results in the study of topological com- 
plexity of recognizable tree languages. Emphasis is put on the rela- 
tion between topological hierarchies, like the Borel hierarchy or the 
Wadge hierarchy, and the hierarchies resulting from the structure of 
automata, as the Rabin-Mostowski index hierarchy. The topologi- 
cal complexity of recognizable tree languages is seen as an evidence 
of their structural complexity, which also induces the computational 
complexity of the verification problems related to automata, as the 
non-emptiness problem. Indeed, the topological aspect can be seen 
as a rudiment of the infinite computation complexity theory. 


1 Introduction 


Since the discovery of irrational numbers, the issue of impossibility has been 
one of the driving forces in mathematics. Computer science brings forward a 
related problem, that of difficulty. The mathematical expression of difficulty 
is complexity, the concept which affects virtually all subjects in computing 
science, taking on various contents in various contexts. 

In this paper we focus on infinite computations, and more specifically 
on finite-state recognition of infinite trees. It is clearly not a topic of clas- 


Jörg Flum, Erich Gradel, Thomas Wilke (eds.). Logic and Automata: History and Perspec- 
tives. Texts in Logic and Games 2, Amsterdam University Press 2007, pp. 9-28. 
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sical complexity theory which confines itself to computable functions and 
relations over integers or words, and measures their complexity by the— 
supposedly finite—time and space used in computation. However, infinite 
computations are meaningful in computer science, as an abstraction of some 
real phenomena as, e.g., interaction between an open system and its envi- 
ronment. The finite and infinite computations could be reconciliated in 
the framework of descriptive complexity, which measures difficulty by the 
amount of logic necessary to describe a given property of objects, were they 
finite or infinite. However the automata theory has also developed its own 
complexity measures which refer explicitly to the dynamics of infinite com- 
putations. 

From yet another perspective, infinite words (or trees) are roughly the 
real numbers, equipped with their usual metric. Classification of functions 
and relations over reals was an issue in mathematics long before the birth 
of computer science. The history goes back to Emil Borel and the circle 
of semi-intuitionists around 1900, who attempted to restrict the mathe- 
matical universe to mentally constructible (définissables) objects, rejecting 
set-theoretic pathologies as unnecessary. This program was subsequently 
challenged by a discovery made by Mikhail Suslin in 1917: the projection 
of a Borel relation may not be Borel anymore (see [12], but also [1] for a 
brief introduction to definability theory). It is an intriguing fact that this 
phenomenon is also of interest in automata theory. For example, the set 
of trees recognized by a finite automaton may be non-Borel, even though 
the criterion for a path being successful is so. One consequence is that the 
Biichi acceptance condition is insufficient for tree automata. 


Classical theory of definability developed two basic topological hierar- 
chies: Borel and projective, along with their recursion-theoretic counter- 
parts: arithmetical and analytical. These hierarchies classify the relations 
over both finite (integers) and infinite (reals, or w“) objects. Although the 
classical hierarchies are relevant to both finite and infinite computations, it 
is not in the same way. 

Classical complexity theory borrows its basic concepts from recursion 
theory (reduction, completeness), and applies them by analogy, but the 
scopes of the two theories are, strictly speaking, different. Indeed, com- 
plexity theory studies only a fragment of computable sets and functions, 
while recursion theory goes far beyond computable world. Finite-state rec- 
ognizability (regularity) forms the very basic level in complexity hierarchies 
(although it is of some interest for circuit complexity). 

In contrast, finite state automata running over infinite words or trees ex- 
hibit remarkable expressive power in terms of the classical hierarchies. Not 
surprisingly, such automata can recognize uncomputable sets if computable 
means finite time. Actually, the word automata reach the second level of 
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the Borel hierarchy, while the tree automata can recognize Borel sets on any 
finite level, and also — as we have already remarked — some non-Borel sets. 
So, in spite of a strong restriction to finite memory, automata can reach the 
very level of complexity studied by the classical definability theory. Putting 
it the other way around, the classical hierarchies reveal their finite state 
hardcore. 


In this paper we overview the interplay between automata on infinite 
trees and the classical definability hierarchies, along with a subtle refinement 
of the Borel hierarchy, known as the hierarchy of Wadge. The emerging pic- 
ture is not always as expected. Although, in general, topological complexity 
underlines the automata-theoretic one, the yardsticks are not always com- 
patible, and at one level automata actually refine the Wadge hierarchy. A 
remarkable application exploits the properties of complete metric spaces: in 
the proof of the hierarchy theorem for alternating automata, the diagonal 
argument follows directly from the Banach fixed-point theorem. 


2 Climbing up the hierarchies 

It is sufficiently representative to consider binary trees. A full binary tree 
over a finite alphabet © is a mapping t : {1,2}* — ©. As a motivating 
example consider two properties of trees over {a,b}. 


e Lis the set of trees such that, on each path, there are infinitely many 
b’s (in symbols: (Yr € {1,2}”)(Vm)(Sn > m) t(r | n) = b). 


e M is the set of trees such that, on each path, there are only finitely 
many a’s (in symbols: (Yr € {1,2}”)(4m)(Vn > m) t(m [ n) = b). 


(In the above, m [ n denotes the prefix of m of length n.) At first sight the 
two properties look similar, although the quantifier alternations are slightly 
different. The analysis below will exhibit a huge difference in complexity: 
one of the sets is definable by a II9 formula of arithmetics, while the other 
is not arithmetical, and even not Borel. 

We have just mentioned two views of classical mathematics, where the 
complexity of sets of trees can be expressed: topology and arithmetics. For 
the former, the set Ty of trees over X is equipped with a metric 


0 if t4 = te 
d(ti t2) = 4, : : 

27” with n = min{|w| : t1(w) Æ te(w)} otherwise 
For the latter, trees can be encoded as functions over natural numbers w. 
The two approaches are reconciliated by viewing trees as elements of the 
Cantor discontinuum {0,1}”. Indeed, by fixing a bijection ų : w > {1,2}*, 
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and an injection p : © — {0,1} (for sufficiently large £), we continuously 
embed 


tre potou 


Ts into ({0,1}”)*, which in turn is homeomorphic to {0,1}. It is easy to 
see that we have a homeomorphism Ty ~ {0,1}”, whenever 2 < |X]. 

On the other hand, as far as computability is concerned, the functions 
in w” can be encoded as elements of {0,1}”. Assuming that ¢ above is 
computable, we can apply the recursion-theoretic classification to trees. 


We now recall classical definitions. Following [10], we present topological 
hierarchies as the relativized versions of recursion-theoretic ones. Thus we 
somehow inverse the historical order, as the projective hierarchy (over reals) 
was the first one studied by Borel, Lusin, Kuratowski, Tarski, and others 
(see [1]). However, from computer science perspective, it is natural to start 
with Turing machine. Let k,@,m,n,... range over natural numbers, and 
a, 3,7,-.. over infinite words in {0,1}”; boldface versions stand for vectors 
thereof. We consider relations of the form R C w* x ({0,1}“)‘, where 
(k, £) is the type of R. The concept of (partially) recursive relation directly 
generalizes the familiar one (see, e.g., [10, 23]). In terms of Turing machines, 
a tuple (m,a) forms an entry for a machine, with a spread over infinite 
tapes. Note that if a Turing machine gives an answer in finite time, the 
assertion R(m, a) depends only on a finite fragment of a. Consequently the 
complement R of a recursive relation R is also recursive. 

The first-order projection of an arbitrary relation R of type (k +1, £) is 
given by 


PR = {(m,a) : (An) R(m,n, a)} 


and the second-order projection of a relation R of type (k, + 1) is given by 
+R = {(m,a) : (38) R(m, a, 8)} 


The arithmetical hierarchy can be presented by 


3 = the class of recursive relations 
m = AR Rest 

Way = AP Reel} 
Al = KPA 


The relations in the class U <u U2 = Une, HÀ, are called arithmetical. 
Note that R is arithmetical if so is R. 
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The analytical hierarchy can be presented by 


YA = the class of arithmetical relations 
m = {R:Rew 

Dla = Aa Re Rely 
Al = X nH. 


The two hierarchies have their relativized counterparts usually distin- 
guished by the boldface notation. For a relation R of type (k, + 1) and 
B € {0,1}, let 


R|6] = {(m,a):R(m,a,p)} 
Then, for i = 0,1, we define 


x, = {R[6]: REX, Be {0,1}°} 
Mi = {R[é]: Reh, 8 eE {0,1}*} 
Ai = ŒA 


The crucial observation is that the ©? relations (of type (0,2)) coincide 
with open relations on {0,1}” with the Cantor topology. To see this, note 
that an open set in {0,1}* can be presented by (J epg v{0,1}%, for some 
B C {0,1}*, and hence we can present it by (dn) R(n,a, 8), where the 
parameter ( lists the elements of B, and the recursive relation verifies, 
given n = (k,m) that the kth prefix of a coincides with the mth element 
of B. (The other direction is straightforward.) Next it is easy to see that 
relations in X? 4 coincide with the countable unions of relations in II? (of 
suitable type). Therefore the classes ©°, II? form the initial segment of the 
Borel hierarchy over {0,1}”. 

Similarly, the classes ©}, II}, form the so-called projective hierarchy 
over {0,1}%. 

Like in computation/complexity theory, the problems can be compared 
via reductions. We say that a continuous mapping of topological spaces, 
py: T, — To, reduces a set A C T; to a set B C Ty, if A = p(B); in this 
case we say that A is Wadge reducible to B, in symbols A <w B. A set B 
is complete in a class C C p(T) if BEC and (VA EC) A <w B. 


A remarkable point is that complete sets may have very simple structure. 


Example 2.1. The singleton {0”} is in II?, and it is complete for II}. The 
membership in IT? is seen by presentation of the complement by (In) a(n) 4 
0. Now let L be any closed subset of w”. Define f : w* — w* by 


f(xy) = 0”ly 
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where x is the longest prefix of xy being also a prefix of u, for some u € L. 
Then it is easy to see that the mapping f : w” — w” given by 


f(u)(n) = fut n+ 1(n) 


is a desired reduction (where u = uou ... and u Ìn +1 = uou1... Un). 
It can be seen that, in fact, any singleton {a} is complete in IT?, although 
in general it need not be in IT. 


The reader may be puzzled by triviality of this example compared to the 
construction of complete sets of natural numbers in I? or in YY. Intuitively, 
the second-order objects (trees or words) are “less sensitive” to first-order 
quantification. 

In a similar vein, one can show 


Example 2.2. The set {0,1}*0% is in X$, and it is complete in D9. 
We now revisit our motivating example from beginning of this section. 


Example 2.3. It is not hard to see that the set L is in class II. Although 
the original definition has used a second-order quantifier (for all paths), a 
simpler definition can be given by exploiting arithmetic (like encoding finite 
sets of nodes by single numbers): 


te L <=> for all v € {1,2}*, there is a finite maximal antichain B 
below v with (Vw € B) t(w) = b. 


On the other hand, the set M, which is by definition in Ht, is also complete 
in IT} w.r.t. continuous reductions, hence not Borel. The completeness can 
be seen by reduction of the set W of the suitably encoded wellfounded 
(non-labeled) trees T C w* (see, e.g., [19]), which is well-known to be IT}- 
complete [11]. 


3 The power of game languages 


The properties of Example 2.3 have a powerful generalization, which is best 
understood by viewing sequences in {a,b}” as outcomes of some infinite 
two-player game, where one of the players wants to see b infinitely often, 
while the other does not. To make this game more general/symmetric, we 
assume that each player has her or his favorite set of letters, and to make 
the result definite, we assume a priority order on letters. This gives rise to 
parity games (introduced by Emerson and Jutla [8], and independently by 
A.W. Mostowski [13]), the concept highly relevant to the p-calculus-based 
model checking and to automata theory (see [26]). We briefly recall it now. 

A parity game is a perfect information game of possibly infinite dura- 
tion played by two players, say Eve and Adam. We present it as a tuple 
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(V3, Wy, Move, pp, rank), where V3 and WĶ are (disjoint) sets of positions of 
Eve and Adam, respectively, Move C V x V is the relation of possible moves, 
with V = VaUW, po € V is a designated initial position, and rank : V —> w 
is the ranking function. 

The players start a play in the position po and then move the token 
according to relation Move (always to a successor of the current position), 
thus forming a path in the graph (V, Move). The move is selected by Eve or 
Adam, depending on who is the owner of the current position. If a player 
cannot move, she/he looses. Otherwise, the result of the play is an infinite 
path in the graph, vo, v1, v2,... Eve wins the play if limsup,_,,, rank(vn), 
is even, otherwise Adam wins. A crucial property of parity games is the 
positional determinacy: any position is winning for one of the players, and 
moreover a winning strategy of player 0 can be chosen positional, i.e., rep- 
resented by a (partial) function o : Vg > V. We simply say that Eve wins 
the game if she has a winning strategy, the similar for Adam. (See [9] for 
more detailed introduction to parity games.) 


Here we are interested in several groups of tree languages related to the 


parity games. 
For ų € {0,1} and ų < k < w, let 


Dun = {ut lyh 
Mux) = {u E Ue gy: ely Un is even } 
Tor) = {t E Tie ; (Yr E {1,2}”)t fre Mox) t, 


where t | m stands for the restriction of t to the path 7. That is, T(,,,) is the 
set of trees over X(, «) such that, on each path, the highest label occurring 
infinitely often is even. The sets L and M of Example 2.3 can be readily 
identified with Ta,2) and T(g,1), respectively. 

We now present an important game variation of sets To, x); these will be 
tree languages over alphabet {9, Y} x Yi...)- 

With each tree t in Tis yy x5,,,,), We associate a parity game G(t), as 
described in the previous section, with 


e V3 = {v € {1,2}*: t(v) i= 3}, 
W = {v € {1,2}* : t(v) i= Y}, 
Move = {(w, wi) : w € {1, 2}*, i € {1,2}}, 


e po = £ (the root of the tree), 
e rank(v) = t(v) l2, for v € {1,2}*. 
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(1, 2) —— (1, 3) —— (1, 4) —_---- 


(jo 3) 


FIGURE 1. The Mostowski-Rabin index hierarchy. 


The set Wq, x) consists of those trees for which Eve wins the game G(t). 
Note that this means that Eve can force the resulting path m to satisfy 
(t [ 7) J2€ Man): 

Finally, we introduce the weak version of all the concepts above, which is 
obtained by replacing everywhere lim sup by sup. We denote by L’? the weak 
version of L. So, in particular M? acs = {we U7 2 © SUPp so Un is even }. 
Similarly, the weak parity games differ from the games defined above in that 
Eve wins a play if the highest rank occurring in the play is even. 


It is useful to have a partial ordering on pairs (z,«), with ¿ € {0,1}, 
which we call Mostowski-Rabin indices. We let (t,«) E (v’,x’) if either 
Uv <. andsk < K (ie, {0,...,K} C {U,K} or e = 0, V = 1, and 
k+2 < (ie, {6+2,...,6 +2} C {v,...,4}). We consider the indices 
(1,«) and (0,« — 1) as dual, and let (1, K) denote the index dual to (, K). 
Note that (v,«) = (t,«). The ordering is represented on Figure 1. 

Clearly, in each of the above-defined families, the ordering on Mostowski- 
Rabin indices induces inclusion of corresponding sets. 


Now the crucial observation is the following. If 7 is a complete metric 
space then no contracting reduction can reduce a set A C T to its comple- 
ment A. Indeed, otherwise, by the Banach Fixed-Point Theorem, we would 
have 

a€ A => f(a)e A = a€ A (contradiction), 


for the fixed point a = f(a). 
It immediately implies the following. 


Lemma 3.1. No contracting mapping reduces Waa to Woun)> OF We 5 
to We. k) 


Proof. Although Wow R) and Wa, x) are over different alphabets, we have: an 
isometry of Ty,, n) 


exchanges quantifiers and ee the ranks by +1. This isometry reduces 
Won) to Wea A)? 80 the claim follows from the observation above. The 
argument for weak version is similar. Q.E.D. 
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It turns out that we can strengthen the above lemma by removing the 
hypothesis of contractivity. This is because, in general, any continuous 
reduction of W; x) to some L can be improved to a contracting one, by 
composing it with a “stretching” reduction of Wq, «) to itself. The details 
can be found in [3]. Thus we obtain the following. 


Theorem 3.2. The game languages form a hierarchy w.r.t. the Wadge 
reducibility, i.e., 


(t, ) Cc (w, K’) iff Wun) <w Wor’) 
iff We.) <w Wear) 


This result has several applications involving automata. Let us first 
recall definition of an alternating parity automaton. 

An alternating parity tree automaton can be presented as a tuple A = 
(X, Q3, Qy, qo, 6, rank), where the set of states Q is partitioned into existen- 
tial states Q3 and universal states Qy, ô C Qx Ux {1, 2,e} <Q is a transition 
relation, and rank: Q > w a rank function. An input tree t is accepted by 
A iff Eve has a winning strategy in the parity game (Qa x {1,2}*,Qy x 
{1,2}*, (qo, €), Move, rank), where Move = {((p,v), (g,vd)): v € dom(t), 
(p, t(v), d,q) € ô} and rank(q, v) = rank(gq). 

We can assume without loss of generality that minrank(Q) is 0 or 1. 
The pair (min rank(Q), maxrank(Q)) is the Mostowski-Rabin index of the 
automaton. 

A weak alternating parity tree automaton is defined similarly, by restric- 
tion to weak parity games. Strictly speaking, a weak automaton is not a 
parity automaton, but it can be easily turned into one. It is enough to mul- 
tiply the set of states by rank(Q) so that the second component keeps record 
of the highest rank seen so far (it can only increase). It is well known that 
the languages recognized by weak alternating automata are exactly those 
recognizable by both (0,1) and (1,2) automata (it follows essentially from 
(22). 

It is straightforward to see that each W(,,,) is recognized by a parity 
automaton of index (4, K), and each We) is recognized by a weak parity 
automaton of index (4, K). 


The next important observation is the following lemma: 


Lemma 3.3. If a set of trees T is recognized by a (weak) alternating au- 
tomaton of index (1, x) then T <w Wi.) (resp. T <w We. p) 


The exact construction is somewhat tedious, but the idea of the reduc- 
tion is simple: for a tree t, we construct a full game tree and then forget 
anythings but ranks. The details are presented in [2, 5], where the reduction 
is even made contracting, but in view of Theorem 3.2, it is not necessary. 
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Combining Theorem 3.2 with Lemma 3.3, we obtain 


Theorem 3.4. The tree languages W(,,,) form a strict hierarchy for the 
Mostowski-Rabin indices of alternating parity automata. 

The tree languages We.) form a strict hierarchy for Mostowski-Rabin 
indices of weak alternating parity automata. 


The first claim was established by Bradfield [6]; the proof via the Banach 
Theorem was given later by Arnold [2] (see also [5]). 

The strictness of the hierarchy of weak automata was first established 
by Mostowski [14], who shown that it is equivalent to a hierarchy based on 
weak monadic formulas, and then used the strictness of the latter hierarchy, 
previously proved by W. Thomas [25]. 

As Skurczyiiski showed [24] (by other examples) that there are II? and 
£? -complete tree languages recognized by weak alternating automata of in- 
dex (0,n) and (1,n + 1) accordingly, Lemma 3.3 also implies that the sets 
We.) are hard on the corresponding finite levels of the Borel hierarchy. Re- 
cently, Duparc and Murlak [7] showed that these sets are actually complete 
in these classes. 


Theorem 3.5 (Duparc-Murlak, [7]). If a tree language T is recognized by 
a weak alternating automaton of index (0, n) (resp. (1,n+1)) it holds that 
T € II (resp. T € BY). 


Let us complete this recent theorem by what we have known since long 
time about strong alternating automata. 


Theorem 3.6. If a tree language T is recognized by an alternating au- 
tomaton of index (0,1) (resp. (1,2)) it holds that T € II} (resp. T € S}). 
For any recognizable tree language T, T € Ab. 


The first claim was (essentially) established by Rabin [22] in terms of 
the formulas of S2S and for nondeterministic automata of index (1,2), now 
called Biichi automata. It was later shown [4] that for Büchi automata alter- 
nation does not matter. Note that this implies in particular that the set M 
of Example 2.3 cannot be recognized by a Biichi automaton [22]. The second 
claim follows from definition and Rabin’s Complementation Lemma [21]. 


4 How fine is the Wadge hierarchy? 


In the previous section we saw that with regular tree languages one can go 
much higher in the Borel hierarchy than with regular w-languages. Now we 
should like to concentrate on the fineness of the hierarchy. Let us start with 
a simple example. 

For n € w, let L, denote the set of trees over the alphabet [0,n] = 
{0,1,...,n}, whose leftmost path satisfies the weak parity condition, i. e., 
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the highest label on this path is even. For example: Lo = Tigo) consists 
of the only tree over the alphabet {0}, and Lı, a closed subset of Tio 1), 
consists of trees with 0’s on the leftmost path and 0’s or 1’s elsewhere. It is 
an easy exercise to show that Ln are regular. 

Even everyday intuition of complexity tells us that D,+41 is more complex 
then Lp. This can be formalized by means of continuous reductions intro- 
duced in the previous section. Consider an identity function id : Tjo, — 
Tjo,k} With £ < k. Clearly, this function reduces Ly to Ly: t € Le iff id(t) € 
Lp. Hence the languages L, form a hierarchy: Lo <w Li <w Lo <w.... 

OK, but this already happened with the weak game languages from the 
previous section, so what is the difference? Well, observe that all these 
languages can be presented as a finite Boolean combination of closed sets, 


e.g. 
Lz = {t: Vi t(0°) € [0, 2]} \ {t: V; t(0°) € [0, 1]} U {t: V; t(0°) € [0,0]}. 


Consequently, our entire hierarchy lies within A$! 

‘All right,’ the reader might say, ‘but how do I know that, say, Ly cannot 
be reduced to Lg? How do I know that this “hierarchy” is strict?’ It is, 
but showing that directly would be rather tiresome. Instead, we shall use a 
handy characterization provided by Wadge games. 

Originally, these games were defined for w-words (see [20]). Here, we 
shall use a tree version. For any pair of tree languages L C Ty, M C Tp the 
Wadge game Gw(L, M) is played by Spoiler and Duplicator. Each player 
builds a tree, ts € Ts and tp € Tr respectively. In every round, first Spoiler 
adds at least one level to tg and then Duplicator can either add some levels 
to tp or skip a round. Duplicator must not skip infinitely long, so that tp 
is really an infinite tree. Duplicator wins the game if ts E L 4> tp E€ M. 


Lemma 4.1 (Wadge). Duplicator has a winning strategy in Gw(L, M) if 
and only if L <w M. 


Proof. Essentially, a winning strategy for Duplicator can be transformed 
into a continuous reduction, and vice versa. 

Suppose Duplicator has a winning strategy p. For any tree t constructed 
by Spoiler, there exist a unique tree t, which will be constructed by Dupli- 
cator if he is using the strategy p. The map t +> tp is continuous by the 
rules of the Wadge game, and t E€ L <=> tp E€ M since p is winning. 

Conversely, suppose there exist a reduction t +> y(t). It follows that 
there exist a sequence nz (without loss of generality, increasing) such that 
the level k of y(t) depends only on the levels 1,...,n, of t. Then the 
strategy for Duplicator is the following: if the number of the round is nx, 
fill in the k-th level of tp according to y(ts); otherwise skip. Q.E.D. 
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Let us now see that the languages L1, Lə2,... form a strict hierarchy, 
i.e., Le Lw Ly for £ > k. Consider the following strategy for Spoiler in 
Gw(Le, Lk). Outside of the leftmost path play 1 all the time - it does 
not matter anyhow. On the leftmost path always play m + 1, where m 
is the last number played by Duplicator on the leftmost path of his tree 
(or 0 if he has kept skipping so far). This strategy only uses numbers 
[1,k +1] C [1,4, so it is legal. Obviously, the highest number we use on 
the leftmost path is of different parity then the highest number used by 
Duplicator, so ts E€ Le <— > tp ¢ Ly. Hence, the strategy is winning for 
Spoiler, and by the lemma above Le w Lx. 

Observe that in the above argument we have shown that Duplicator does 
not have a winning strategy by providing a winning strategy for Spoiler. In 
general it does not always hold that one of the players must have a winning 
strategy in Gw(L, M). Luckily, by Martin’s famous determinacy theorem, 
it holds for Borel sets. 


Theorem 4.2. If L,M are Borel languages, than one of the players has a 
winning strategy in Gw(L, M). 


In fact the power of Wadge games relies on the above result: it lets us 
replace a non-existence proof with an existence proof. Without determinacy, 
Wadge games only give a rather trivial correspondence between reductions 
and strategies. 

The Wadge ordering <w induces a natural equivalence relation, L =w 
M iff L <w M and L >w M. The order induced on the =w equivalence 
classes of Borel languages is called the Wadge hierarchy. The determinacy 
theorem actually gives a very precise information on the shape of the Wadge 
hierarchy. 


Theorem 4.3 (Wadge Lemma). For Borel languages L, M it holds that 
L <w M or L >w M. 


The proof of this result simply transforms Spoiler’s winning strategy in 
Gw(L, M), which must exist by determinacy, into Duplicator’s winning 
strategy in Gw(M, L) (see [11] or [20]). In other words the theorem says 
that the width of the Wadge hierarchy is at most two, and if L and M are 
incomparable, then L =w M. It means that the Wadge ordering is almost 
linear. The second fundamental result states that it is also a well-ordering. 


Theorem 4.4 (Wadge-Martin-Monk). The Wadge hierarchy is wellfounded. 


Altogether, the position of a language in the Wadge hierarchy is determined, 
up to complementation, by its height. 

If L =w L then L is called selfdual. Otherwise L is not comparable with 
L and is called non-selfdual. Steel and Van Weesp proved that the selfdual 
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and non-selfdual levels alternate (see [11]). If the alphabet is finite, which 
is our case, on limit steps we have non-selfduals. Furthermore, the selfduals 
on successor levels can be obtained as disjoint unions of their predecessors. 
All this makes it reasonable to ignore selfduals when counting the height. 
Hence, we choose the following definition of the Wadge degree: 


e dw(L) = sup{dw(M)+1: M is non-selfdual, M <w L} for L >w Ø. 


We have now all the tools necessary to formalize the question asked in 
the title of the present section. For a family of languages F define the 
height of the Wadge hierarchy restricted to F as the order type of the set 
{dw(L): L € F} with respect to the usual order on ordinals. What we are 
interested in is the height of the hierarchy of regular languages. 

We have shown already that the height of the hierarchy of { Lo, L1,..-} 
is w. This of course gives a lower bound for the height of the hierarchy of all 
regular languages. We shall now see how this result can be improved. We 
consider a subclass of regular languages, the languages recognized by weak 
alternating automata. Any lower bound for weak languages will obviously 
hold for regular languages as well. 

It will be convenient to work with languages of binary trees which are 
not necessarily full, i.e., partial functions from {0, 1}* to X with prefix closed 
domain. We call such trees conciliatory. Observe that the definition of weak 
automata works for conciliatory trees as well. We shall write Lo(A) to de- 
note the set of conciliatory trees accepted by A. For conciliatory languages 
L,M one can define a suitable version of Wadge games Gc(L,M). Since 
it is not a problem if the players construct a conciliatory tree during the 
play, they are now both allowed to skip, even infinitely long. Analogously 
one defines the conciliatory hierarchy induced by the order <ç, and the 
conciliatory degree dc. 

The conciliatory hierarchy embeds naturally into the non-selfdual part 
of the Wadge hierarchy. The embedding is given by the mapping L + Lg, 
where L is a language of conciliatory trees over X, and Ls is a language of 
full trees over © U {s} which belong to L when we ignore the nodes labeled 
with s (together with the subtrees rooted in their right children) in a top 
down manner. Proving that L <o M <=> L, <w M, for all conciliatory 
languages L and M only requires translating strategies form one game to 
the other. It can be done easily, since arbitrary skipping in Go(L, M) 
gives the same power as the s labels in Gw(L,, Ms). Within the family of 
languages of finite Borel rank, the embedding is actually an isomorphism, 
and dc(L) = dw(Ls) [7]. 

Observe that if L is recognized by a weak alternating automaton, so 


is L,. Indeed, by adding to 6 a transition p De p for each state p one 
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FIGURE 2. The automata B+ A and A-w. 


transforms an automaton A into A, such that L(As) = (Lo(A)),. Hence, 
the conciliatory subhierarchy of weakly recognizable languages embeds into 
the Wadge hierarchy of weakly recognizable languages, and it is enough to 
show a lower bound for conciliatory languages. 

So far, when constructing hierarchies, we have been defining the whole 
family of languages right off. This time we shall use a different method. 
We shall define operations transforming simple languages into more sophis- 
ticated ones. These operations will induce, almost accurately, classical or- 
dinal operations on the degrees of languages: sum, multiplication by w, and 
exponentiation with the base wı. We shall work with automata on trees 
over a fixed alphabet {a,b}. 

The sum B + A and multiplication A-w are realized by combining au- 
tomata recognizing simpler languages with a carefully designed gadget. The 
constructions are shown on Figure 2. The diamond states are existential 
and the box states are universal. The circle states can be treated as ex- 
istential, but in fact they give no choice to either player. The transitions 
leading to A, A, B and B should be understood as transitions to the initial 
states of the according automata. The priority functions of these automata 
might need shifting up, so that they were not using the value 0. 

The automaton exp A is a bit more tricky. This time, we have to change 
the whole structure of the automaton. Instead of adding one gadget, we 
replace each state of A by a different gadget. The gadget for a state p is 
shown on Figure 3. By replacing p with the gadget we mean that all the 
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FIGURE 3. The gadget to replace p in the construction of exp A. 


transitions ending in p should now end in p’ and all the transitions starting 
in p should start in p”. Note that the state p” is the place where the 
original transition is chosen, so p” should be existential iff p is existential. 
The number j is the least even number greater or equal to 7 = rank p. 

Abusing slightly the notation we may formulate the properties of the 
three constructions as follows. 


Theorem 4.5 (Duparc-Murlak, [7]). For all weak alternating automata A, 
B it holds that dc(B + A) = dc(B) + dc(A), de( A: w) = do(A) - w, and 
dc(exp A) = Praca Ban where 


—-1 if dc(A) <w 
g= 0 if de(A)= 8 +n and coff = wv, 
+1 if dc(A) = 8 +n and cofB = w. 


As a corollary we obtain the promised bound. 


Theorem 4.6 (Duparc-Murlak, [7]). The Wadge hierarchy of weakly rec- 
ognizable tree languages has the height of at least €9, the least fixed point 
of the exponentiation with the base w. 


Proof. It is enough to show the bound for conciliatory languages. By it- 
erating finitely many times sum and multiplication by w we obtain multi- 
plication by ordinals of the form wk, + ... + wk, + ko, i.e., all ordinals 
less then w“. In other words, we can find a weakly recognizable language 
of any conciliatory degree from the closure of {1} by ordinal sum, multipli- 
cation by ordinals < w“ and pseudo-exponentiation with the base w,. It 
is easy to see that the order type of this set is not changed if we replace 
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pseudo-exponentiation with ordinary exponentiation œ œ wf. This in turn 
is isomorphic with the closure of {1} by ordinal sum, multiplication by ordi- 
nals < w”, and exponentiation with the base w”. This last set is obviously 
Eg, the least fixpoint of the exponentiation with the base w. Q.E.D. 


Recently, the second author of this survey has found a modification of 
the pseudo-exponentiation construction which results in ordinary exponen- 
tiation a+ wf. This result makes it very tempting to conjecture that these 
are in fact all Wadge degrees realised by weak automata, and if one replaces 
w 1 by w“, one gets the degree of the language in the Wadge hierarchy re- 
stricted to weakly recognizable languages. 

Supposing that the conjecture is true, the next step is an effective de- 
scription of each degree. Or, in other words, an algorithm to calculate the 
position of a given language in the hierarchy. Obtaining such a description 
for all regular languages is the ultimate goal of the field we are surveying. 
So far this goal is seems far away. The solution might actually rely on 
analytical determinacy. On the other hand, it may also be the case that 
determinacy for regular languages is implied by ZFC. The knowledge in this 
subject is scarce. 

To end up with some good news, the problem has been solved for an im- 
portant and natural subclass of regular languages, the languages recognized 
by deterministic automata (see below for definition). 


Theorem 4.7 (Murlak, [17]). The hierarchy of deterministically recogniz- 
able languages has the height of w + 3. Furthermore, there exist an 
algorithm calculating the exact position of a given language in this hierar- 
chy. 


5 Topology versus computation 


In this concluding section we should like to confront the classical defin- 
ability hierarchies with the automata-theoretic hierarchies based on the 
Mostowski—Rabin index. To this end, let us first recall the concepts of 
non-deterministic and deterministic tree automata. They are special cases 
of alternating automata, but it is convenient to use traditional definitions. 
A non-deterministic parity tree automaton over trees in Ty can be pre- 
sented as A = (£, Q, qo, ô, rank), where d CQ x Ux QxQ. A transition 
(q,0, p1, p2) € 6 is usually written q S p1, po. 

A run of A on a tree t € Ty is itself a tree in Tg such that p(e) = qo, 


and, for each w € dom (p), p(w) Be p(w), p(w2) is a transition in ô. A 
path in p is accepting if the highest rank occurring infinitely often along it is 
even. A run is accepting if so are all its paths. Again, the Mostowski-Rabin 
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index of an automaton is the pair (minrank(Q),maxrank(Q)), where we 
assume that the first component is 0 or 1. 

An automaton is deterministic if ô is a partial function from Q x X to 
Q x Q. It can be observed that languages W(,,,,) defined in Section 3 can 
be recognized by non-deterministic automata of index (:, K), respectively, 
and that languages T(,,,,) defined there can be recognized by deterministic 
automata of corresponding indices. 

In general, the index may decrease if we replace an automaton by an 
equivalent one of higher type. For example, it is not hard to see that the 
complements of languages T,,«) can all be recognized by non-deterministic 
automata of index (1,2) (Biichi automata), hence these languages them- 
selves are of alternating index (0,1). But it was showed in [18] that these lan- 
guages form a hierarchy for the Mostowski-Rabin index of non-deterministic 
automata. It can be further observed that all Tj...) with (0,1) E (v,«) are 
II}-complete, hence by the general theory [11], they are all equivalent w.r.t. 
the Wadge reducibility. (In fact, it is not difficult to find the reductions to 
T(o,1) directly.) So in this case the automata-theoretic hierarchy is more fine 
than the Wadge hierarchy, which is a bit surprising in view of the fineness 
of the latter hierarchy, as seen in the previous section. 


Let us now compare the index hierarchy and the Wadge hierarchy. For 
infinite words, this comparison reveals a beautiful correspondence, discov- 
ered by Klaus Wagner. 


Theorem 5.1 (Wagner, [27]). 


1. Regular w-languages have exactly the Wadge degrees of the form 
wink +... + wini + no for k < w and no,...,ne < wW. 


2. The languages recognized by deterministic automata using k+1 ranks 
(index [0, k] or [1, k + 1]) correspond to degrees < wf. 


Hence, for regular w-languages, the Wadge hierarchy is a refinement of the 
index hierarchy. For trees the situation is more complex because we have 
four nontrivial hierarchies (alternating, weak-alternating, nondeterministic, 
and deterministic). 

The correspondence for weak alternating automata is not yet fully un- 
derstood. By Theorem 3.5, the raise of topological complexity (in terms 
of Borel hierarchy) forces the raise of the index complexity. However, the 
converse is an open problem. A priori it is possible that an infinite sequence 
of tree languages witnessing the weak index hierarchy can be found inside 
a single Borel class, although it would be rather surprising. 

What we do know is that a similar pathology cannot happen for de- 
terministically recognizable tree languages. Indeed, for this class the two 
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hierarchies are largely compatible, however their scope is not large: a deter- 
ministic language can either be recognized by a weak automaton of index 
(at most) (0,3), and hence, by Theorem 3.5 is in the Borel class II}, or it 
is II}-complete [19]. Moreover, the membership in Borel and in weak-index 
classes is decidable for deterministic languages [19, 16]. 

On the other hand, the kind of pathology described above actually does 
happen if we regard the deterministic index hierarchy, i.e., for a determinis- 
tically recognizable language we look for the lowest index of a deterministic 
automaton recognizing it (the case rarely considered in literature). Observe 
that the hierarchy of regular w-languages embeds into the hierarchy of de- 
terministic tree languages by a mapping L +> {t: the leftmost branch of t 
is in L}. Recall that all the regular w-languages are Boolean combinations 
of X9 languages, denoted Boole(X$). It follows that there are deterministic 
tree languages from each level of the deterministic index hierarchy which 
are inside Boole(X$). At the same time one only needs index (0,1) to get a 
II}-complete set. In other words, for some II}-complete languages (0,1) is 
enough, but there are £9 languages which need an arbitrarily high index! 
This means that the deterministic index hierarchy does not embed into 
the Wadge hierarchy. Apparently, it measures an entirely different kind of 
complexity. 

One might suspect that alternating index would be a more suitable mea- 
sure in this context. Alternation saves us from increasing the index with 
complementation. Indeed, the complementation of an alternating automa- 
ton is done simply by swapping Q3 and Qy, and shifting the ranks by one. 
(To make complementation easy was an original motivation behind alter- 
nating automata [15].) If a language has index (1, x), its complement will 
only need (t,«), and vice versa. As it was stated in Section 3, the strong 
game languages showing the strictness of the alternating hierarchy form also 
a strict hierarchy within the Wadge hierarchy. In fact, since each recogniz- 
able tree language can be continuously reduced to one of them, they give 
a scaffold for further investigation of the hierarchy. Such a scaffold will be 
much needed since the non-Borel part of the Wadge hierarchy is a much 
dreaded and rarely visited place. 


References 


[1] J. W. Addison. Tarski’s theory of definability: common themes in 
descriptive set theory, recursive function theory, classical pure logic, 
and finite-universe logic. Ann. Pure Appl. Logic, 126(1-3):77-92, 2004. 


[2] A. Arnold. The p-calculus alternation-depth hierarchy is strict on bi- 
nary trees. ITA, 33(4/5):329-340, 1999. 


On the topological complexity of tree languages 27 


[3] 


10 


11 


12 


13 


14 


15 


A. Arnold and D. Niwiński. Continuous separation of game languages. 
To appear. 


A. Arnold and D. Niwinski. Fixed point characterization of büchi au- 
tomata on infinite trees. Elektronische Informationsverarbeitung und 
Kybernetik, 26(8/9):451-459, 1990. 


A. Arnold and D. Niwiński. Rudiments of u-calculus, volume 146 of 
Studies in Logic and the Foundations of Mathematics. North-Holland 
Publishing Co., Amsterdam, 2001. 


J. C. Bradfield. Simplifying the modal mu-calculus alternation hierar- 
chy. In M. Morvan, C. Meinel, and D. Krob, editors, STACS, volume 
1373 of Lecture Notes in Computer Science, pages 39—49. Springer, 
1998. 


J. Duparc and F. Murlak. On the topological complexity of weakly 
recognizable tree languages. In E. Csuhaj-Varju and Z. Esik, editors, 
FCT, volume 4639 of Lecture Notes in Computer Science, pages 261- 
273. Springer, 2007. 


E. A. Emerson and C. S. Jutla. Tree automata, mu-calculus and de- 
terminacy (extended abstract). In FOCS, pages 368-377. IEEE, 1991. 


E. Gradel, W. Thomas, and Thomas. Wilke, editors. Automata, Log- 
ics, and Infinite Games: A Guide to Current Research [outcome of a 
Dagstuhl seminar, February 2001], volume 2500 of Lecture Notes in 
Computer Science. Springer, 2002. 


P. G. Hinman. Recursion-theoretic hierarchies. Springer-Verlag, Berlin, 
1978. Perspectives in Mathematical Logic. 


A. S. Kechris. Classical descriptive set theory, volume 156 of Graduate 
Texts in Mathematics. Springer-Verlag, New York, 1995. 


Y. N. Moschovakis. Descriptive set theory, volume 100 of Studies in 
Logic and the Foundations of Mathematics. North-Holland Publishing 
Co., Amsterdam, 1980. 


A. W. Mostowski. Games with forbidden positions. Preprint 78, Uni- 
wersytet Gdansk, Instytyt Matematyki, 1991. 


A. W. Mostowski. Hierarchies of weak automata and weak monadic 
formulas. Theor. Comput. Sci., 83(2):323-335, 1991. 


D. E. Muller and P. E. Schupp. Alternating automata on infinite trees. 
Theor. Comput. Sci., 54:267-276, 1987. 


28 


[16] 


[17] 


18 


19 


20 


[21] 


[22] 


23 


24 


25 


[26] 


[27] 


A. Arnold, J. Duparc, F. Murlak, D. Niwiński 


F. Murlak. On deciding topological classes of deterministic tree lan- 
guages. In C.-H. L. Ong, editor, CSL, volume 3634 of Lecture Notes in 
Computer Science, pages 428-441. Springer, 2005. 


F. Murlak. The wadge hierarchy of deterministic tree languages. In 
M. Bugliesi, B. Preneel, V. Sassone, and I. Wegener, editors, ICALP 
(2), volume 4052 of Lecture Notes in Computer Science, pages 408-419. 
Springer, 2006. 


D. Niwiński. On fixed-point clones (extended abstract). In L. Kott, ed- 
itor, ICALP, volume 226 of Lecture Notes in Computer Science, pages 
464—473. Springer, 1986. 


D. Niwinski and I. Walukiewicz. A gap property of deterministic tree 
languages. Theor. Comput. Sci., 1(303):215-231, 2003. 


D. Perrin and J.-E. Pin. Infinite Words. Automata, Semigroups, Logic 
and Games, volume 141 of Pure and Applied Mathematics. Elsevier, 
Amsterdam, 2004. 


M. O. Rabin. Decidability of second-order theories and automata on 
infinite trees. Trans. Amer. Math. Soc., 141:1-35, 1969. 


M. O. Rabin. Weakly definable relations and special automata. In 
Mathematical Logic and Foundations of Set Theory (Proc. Internat. 
Collog., Jerusalem, 1968), pages 1-23. North-Holland, Amsterdam, 
1970. 


H. Rogers, Jr. Theory of recursive functions and effective computability. 
McGraw-Hill Book Co., New York, 1967. 


J. Skurcezynski. The borel hierarchy is infinite in the class of regular 
sets of trees. Theor. Comput. Sci., 112(2):413-418, 1993. 


W. Thomas. A hierarchy of sets of infinite trees. In A. B. Cremers 
and H.-P. Kriegel, editors, Theoretical Computer Science, volume 145 
of Lecture Notes in Computer Science, pages 335-342. Springer, 1983. 


W. Thomas. Languages, automata, and logic. In Handbook of formal 
languages, Vol. 3, pages 389-455. Springer, Berlin, 1997. 


K. Wagner. On omega-regular sets. Information and Control, 
43(2):123-177, 1979. 


Nondeterministic controllers of 
nondeterministic processes 


André Arnold 
Igor Walukiewicz 


Laboratoire Bordelais de Recherche en Informatique 
Université Bordeaux 1 

351 cours de la Libération 

33405 Talence cedex, France 
andre.arnold@club-internet.fr, igw@labri.fr 


Abstract 


The controller synthesis problem as formalized by Ramadge and 
Wonham consists of finding a finite controller that when synchronized 
with a given plant results in a system satisfying a required property. 
In this setting, both a plant and a controller are deterministic fi- 
nite automata, while synchronization is modelled by a synchronous 
product. Originally, the framework was developed only for safety and 
some deadlock properties. More recently, Arnold et. al. have extended 
the setting to all mu-calculus expressible properties and proposed a 
reduction of the synthesis problem to the satisfiability problem of the 
mu-calculus. They have also presented some results on decidability 
of distributed synthesis problem where one requires to find several 
controllers that control the plant at the same time. The additional 
difficulty in this case is that each controller is aware of a different 
part of the whole system. In this paper, an extension of the setting 
to nondeterministic processes is studied. 


1 Introduction 


At the end of the eighties, Ramadge and Wonham introduced the theory 
of control of discrete event systems (see the survey [13] and the books [6] 
and [3]). In this theory a process (also called a plant) is a deterministic 
non-complete finite state automaton over an alphabet A of events, which 
defines all possible sequential behaviours of the process. The goal is to find 
for a given plant another process, called controller, such that a synchronous 
product of the plant and the controller satisfies desired properties. The 
usual properties considered are for instance, that some dangerous states are 
never reachable, or that one can always go back to the initial state of the 
plant. In decentralized control one looks for a fixed number of controllers 
that control the plant simultaneously. 


Jörg Flum, Erich Gradel, Thomas Wilke (eds.). Logic and Automata: History and Perspec- 
tives. Texts in Logic and Games 2, Amsterdam University Press 2007, pp. 29-52. 
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In the setting described above one assumes that both a plant and con- 
trollers are deterministic automata. This paper examines what changes 
when assumption on determinism is dropped. It is shown that nondeter- 
minism in a plant can be handled at no cost, while nondeterminism in 
controllers may lead to undecidability in the case of decentralized control. 

The synthesis problem would be interesting neither form theoretical nor 
from practical point of view if there were no additional restrictions on con- 
trollers. In the most standard form a restriction is determined by two sub- 
sets Aunc and Ayops of the alphabet A with the associated requirement that: 


(C) For any state q of the controller, and for any uncontrollable event a, 
there is a transition from q labelled by a. 


(O) For any state q of the controller, and for any unobservable event a, if 
there is a transition from q labelled by a then this transition is a loop 
over q. 


In other words, a controller must react to any uncontrollable event and 
cannot detect the occurrence of an unobservable event. 

In [1] an extension of this setting was proposed that handles specifica- 
tions expressed in the mu-calculus, or rather in its extension called modal 
loop mu-calculus. This allowed a more general formulation of the synthesis 
problem: 


(CC) Given a plant P and two formulas a and £, does there exist a 
controller R satisfying 8 such that P x R satisfies a? 


With formulas a and 8 one can express properties (C) and (O) but also 
much more, as for example that an action becomes unobservable after a 
failure has occurred, or that always one of two actions is controllable but 
never both at the same time. 

The problem (CC) can be solved thanks to the division operation [1]. 
For a process P and a formula a there is a formula a/P such that: RF a/P 
iff Px RE a. This way a process R is a solution to (CC) if and only if 
RE (a/P) AB. As (a/P) A @ is a formula of the modal loop mu-calculus 
the synthesis problem reduces to the constructive satisfiability problem: 
construct a model for a formula whenever a model exists. The latter is 
decidable and a witnessing model, which is a controller, can be constructed. 

Ramadge and Wonham have considered also the problem of synthesis of 
decentralized controllers: a plant can be supervised by several independent 
controllers (instead of only one). But each controller has its own set of con- 
trollable and observable events. Hence, the decentralized control problem 
is to find Rı,..., Rn such that the supervised system P x R, x --- x Rn 
satisfies the specification S and for each i, R; satisfies (C;) and (O;). More 
generally, in our setting, the decentralized control problem is: 
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(DC) Given a plant P and modal-loop mu-calculus formulas a, (1, 
..,8n, do there exist controllers R; satisfying @; (for i = 1,...,n) 
such that P x Ri x --- x Rn satisfies a? 


In [1] it is shown how to solve a decentralized control problem when at 
most one of the formulas a; restrains visibility of a controller. If one allows 
to put visibility restrictions on at least two controllers then the existence of 
a solution to the problem is undecidable. 

Till now, all the constructions assumed that processes are deterministic 
automata. This may be a limiting assumption if, for example, a plant is a 
model of a continuous system. In this case a continuous domain of values 
must be sampled to a discrete one. Hence, the same measurement can 
correspond to different values that may have different effect on the behaviour 
of the plant. For similar reasons, the result of actions of controllers may be 
also not completely determined. 

In this paper, we show that in the case of centralized synthesis the 
approach via division operation still works. We do this by generalizing 
the division operation described above to a division by a nondeterministic 
process. This shows that nondeterminism in a plant can be handled at no 
cost. Next, we study decidability of (DC) problem. Thanks to the division, 
allowing nondeterministic plant does not make the problem more complex. 
By contrast, if we allow at least two controllers to be nondeterministic, 
then the problem becomes undecidable even for formulas in the standard 
mu-calculus. We study also the case when at most one of the controllers 
can be nondeterministic, obtaining a full characterisation of decidability of 
(DC) problem. 

The paper is organized as follows. In the next section we introduce 
processes and automata on processes. This will be a rather rich version 
of alternating automata that has not only loop testing, Oa, but also indis- 
tinguishability testing |ļa p. Intuitively, the first constraint will be used to 
say that a controller cannot observe a, and the second that it cannot make 
a difference between a and b. These kinds of automata were introduced 
in [1], and lla, test was added in [2]. In Section 3 we give basic properties 
of these automata, like closure under boolean operations and decidability 
of emptiness. Section 4 presents an operation of division of an automaton 
by a process. This operation is used in the following section to solve cen- 
tralized synthesis problem and to eliminate the plant from formalization of 
decentralized synthesis problem. Main results of the paper are given in this 
section. The proofs of decidability and undecidability results announced 
here are given in Sections 6 and 7 respectively. 
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2 Processes and automata 
2.1 Processes 


Let A be a finite alphabet of actions. A process is a finite graph with a 
distinguished node and with edges labelled by actions: 


P=(S,A,s°€S,eCSx Ax S) 


We shall usually refer to nodes as states. We shall write s  s’ instead 
of (s,a,s’) E€ e, and will say that there is a transition labelled a form a 
state s to a state s’. A process is deterministic if e is a partial function 
e: Sx A— S. We shall write out p(s, a) for the set of states reachable from 
s by a transition labelled a: outp(s,a) = {s’: s 5 3'}. 

A product of two processes over the same alphabet is standard 


Px R= (Sp x Spr, A, (sh, 8%), epxr) 


where ((sp, SR), @,(5‘p, S'R)) E€ epxr if (Sp, a, sp) € ep and (sp, a, Shp) € er. 
2.2 Games 


As our specification language we shall use a rich variant of alternating au- 
tomata that we shall introduce in the next subsection. It will be very con- 
venient to describe its semantics in terms of games, so we recall necessary 
definitions here. 

A game G is a tuple (Vp, Va, T C (Ve U Va)?, Ace C V”) where Acc is 
a set defining the winning condition, and (Vg U Va, T} is a graph with the 
vertices partitioned into those of Eve and those of Adam. We say that a 
vertex v’ is a successor of a vertex v if T(v,v’) holds. 

A play between Eve and Adam from some vertex v € V = Vg U Va pro- 
ceeds as follows: if v € Vg then Eve makes a choice of a successor, otherwise 
Adam chooses a successor; from this successor the same rule applies and 
the play goes on forever unless one of the parties cannot make a move. The 
player who cannot make a move looses. The result of an infinite play is an 
infinite path voviv2... This path is winning for Eve if it belongs to Acc. 
Otherwise Adam is the winner. 

A strategy o for Eve is a function assigning to every sequence of vertices 
v ending in a vertex v from Vg a vertex o(v) which is a successor of v. 
A play respecting o is a sequence vovi... such that vi+ı = o(v;) for all i 
with v; € Vg. The strategy o is winning for Eve from a vertex v iff all the 
plays starting in v and respecting o are winning. A vertex is winning if 
there exists a strategy winning from it. The strategies for Adam are defined 
similarly. A strategy is positional if it does not depend on the sequence of 
vertices that were played till now, but only on the present vertex. So such 
a strategy can be represented as a function o : Vz — V and identified with 
a choice of edges in the graph of the game. 
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In this paper the winning conditions Acc C V“ will be regular conditions. 
That is conditions defined in monadic second-order logic on sequences. An 
important special case is a parity condition. It is a condition determined by 
a function Q : V > {0,...,d} in the following way: 


Acc = {vovi ... E€ V” : limsupQ(v;) is even} 
t— CO 

Hence, in this case, each position is assigned a natural number and we 
require that the largest among those appearing infinitely often is even. This 
condition was discovered by Mostowski [9] and is the most useful form of 
regular conditions. It guarantees existence of positional strategies [4, 10, 
8]. It is closed by negation (the negation of a parity condition is a parity 
condition). It is universal in the sense that every game with a regular 
condition can be reduced to a game with a parity condition [9]. 

The main results about games that we need are summarized in the fol- 
lowing theorem and uses results from [7, 4, 10]. 


Theorem 2.1. Every game with regular winning conditions is determined, 
i.e., every vertex is winning for one of the players. It is algorithmically 
decidable who is a winner from a given vertex in a finite game. In a parity 
game a player has a positional strategy winning from each of his winning 
vertices. 


2.3 Automata 


We shall need automata that work on graphs. These automata should cope 
with multiple outgoing edges with the same label. Moreover, we should like 
to equip them with tests of some simple structural graph properties. They 
will be able to check that an edge on a given letter is a self-loop or that the 
edges on two different letters lead to the same states. To incorporate all 
these tests it will be simpler to define automata which use a kind of modal 
formulas over the set of states in a process. Thus we start with defining 
these formulas. 

Let A be an alphabet and let Q be a finite set. The set of modal formulas 
over A and Q, denoted F(A, Q), is the smallest set closed under the following 
rules: 


e tt, ff, q, Oa, Oa, Lao Ia p are formulas, for any q € Q and a,b € A. 
e a V Gand a A B are formulas for all a, 8 € F(A, Q). 
e (aja and [ala are formulas for all a € F(A, Q) and a € A. 


An automaton over a set of actions A is a tuple: 


A= (Q, A, q? € Q,6:Q > F(A, Q), Ace € Q”) 
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where Q is a finite set of states, A is a finite alphabet, and Acc is an 
accepting condition that is a regular set of infinite sequences of states. 

The acceptance of a process P by an automaton A is defined in terms of 
strategies in a game G(P, A) that we describe now. Let F^ be the smallest 
set of formulas closed under taking subformulas, and containing all formulas 
in the range of 6 together with tt and ff. We have 


G(P, A) = (VE, Va, T, Acca) 
where 


eVe=S*x Få, and Få is the set of formulas form F^ of one of the 
forms: ff, Oa, lla bq, (ada, a V B. 


e Va = S x FA — Vp. 


e From (s,tt) and (s, ff) no move is possible. 


e From (s, ©a) there is a move to (s,tt) if outp(s,a) = {s} and to 
(s, ff) otherwise. 


e From (s, |la b) there is a move to (s, tt) if outp(s,a) = out p(s, b) and 
to (s, ff) otherwise. 


e Similarly for (s, Oa) and (s, |la p) but with roles of (s, tt) and (s, ff) 
interchanged. 


e From (s,a/A 3) as well as from (s, aV 8) there are moves to (s, aœ) and 


to (s, 8). 


e From (s, (a)a) and from (s, [a]a) there are moves to (t, œ) for every 
t € out(s, a). 


e Finally, from (s, q) there is a move to (s, ô(q)). 


e The winning condition Accg contains sequences such that when look- 
ing only at the elements of Q appearing in the sequence we obtain an 
element of Acc. 


We say that P satisfies A, in symbols P F A, if Eve has a winning 
strategy in G(P, A) from (s°, ¢°), which is the pair consisting from the initial 
states of P and A, respectively. As our automata are very close to formulas 
we prefer to talk about satisfiability instead of acceptance. We shall still use 
some automata terminology though. For example, the language recognized 
by an automaton A will be the class of processes that satisfy A. 

Our automata are a variant of alternating automata. In particular the 
formulas used in the transition function are “closed” under disjunction and 
conjunction. Using standard constructions on alternating automata we get. 
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Proposition 2.2. The class of languages recognized by automata is closed 
under sum, intersection and complement. 


This proposition allows to write AAC to denote an automaton which 
recognizes L(A) N L(C). 


Definition 2.3. An automaton is called simple if formulas in its transition 
function use none of Oa, Oa, lla,b, Wap: 


A simple automaton is nothing else but a y-calculus formula in a different 
presentation. Using the results on the p-calculus we have: 


Theorem 2.4 (Emerson-Jutla, [4]). It is decidable if for a given simple 
automaton A there is a process P such that PF A. Similarly, if we require 
P to be deterministic. In both cases a process P can be constructed if the 
answer is positive. 


Theorem 2.5 (Niwinski-Janin-Walukiewicz, [11, 5]). Over deterministic 
systems which are trees, the expressive power of simple automata is equiv- 
alent to that of monadic second-order logic. Over all processes: a property 
is expressible by a simple automaton iff it is expressible in monadic second- 
order logic and bisimulation invariant. 


3 Satisfiability 


The basic question one can ask about our automata model is whether for 
a given automaton A there is a process that satisfies it. From the previous 
section we know that there is an algorithm answering this question in the 
case of simple automata. We shall now reduce the general case to that 
of simple automata. For this, we shall encode information about loops 
and parallel tests in additional transitions. This way for a process P we 
shall define a process Code(P). It will then turn out that behaviour of an 
automaton over P can be simulated by a behaviour of a simple automaton 
over Code(P). 
A type of a state s of a process P is: 


type(s) = {Oq: out(s,a) = {s}} U {lla b: out(s, a) = out(s, b)} 


Let Types(A) be the set of all possible types over an alphabet A. 

Note that if 7 € Types(A) and Įļa pE T then OaE T implies Op,€ T, and 
also Jla cE T implies ||, c€ T. 

Fix an alphabet A and some arbitrary ordering <4 on it. For a process 
P over an alphabet A we define its code Code(P) over an alphabet A U 
Types(A). For each state s of P we do the following: 


e Add a transition on action T = type(s), the target of this transition 
is some arbitrary fixed state (say, the initial state). 
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e Remove transitions on a if OaE type(s) or lla bE type(s) for some 
b<4a. 


Let C be a simple automaton expressing the conditions: 
e For every state there is transition on exactly one letter from Types(A). 


e For every a € A, there is no transition on a if OaE T or lane T for 
some b <4 a. 


Lemma 3.1. The process Code(P) satisfies C and has no loops s 5 s 
Moreover, Code(P) is deterministic if P is. If R is a process satisfying C 
without loops s + s then there is a unique process P such that Code(P) is 
isomorphic to R. 


The next step is to transform an automaton over an alphabet A into an 
“equivalent” automaton over an alphabet AUTypes(A). Take an automaton 


= (Q,4,9°,6: Q > F(A, Q), Acc C Q*) 
We first define transformation, Code(a), on formulas from F(A, Q): 
e Code(q) = 
e Code(Oa) = V{(7)tt : 7 € Types(A), Oa€ T}. Similarly for || a5. 
e Code(G,) = V{(r)tt : T € Types(A), Oa¥ T}. Similarly for Jla 
e Code(a V 3) = Code(a) V Code(), and similarly for the conjunction. 
e Code((a)a) = V{(7)tt A Code((a)a, 7) : 7 € Types(A)} where 
Code(a) if OaE T 


Code((a)a,T) = a V V{(b)Code(a) :Jla pE T} otherwise 


Code([aJa) = V{(T)tt A Code([a]a, T) : T € Types(A)}; where the 
definition of Code([ala,7) is as above but replacing (a) by [a], (b) by 
[b], and disjunctions by conjunctions. 


Then automaton Code(A) is the same as A except for the transition function 
dcode- We put dcoae(q) = Code(ô(q)). The following lemma follows directly 
from definitions. 


Lemma 3.2. For every process P and automaton A over an alphabet A: 


PEA iff Code(P) F Code(.A) 
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Observe that Code(A) is simple, i.e., does not use neither © nor || 
constraints. Using Code(A) we can transfer results from simple automata 
to the general case. 


Theorem 3.3. It is decidable if for a given automaton A there exist a 
process P such that P E A. Similarly, if we ask for P being deterministic. 
In both cases, if the answer is positive then a process satisfying A can be 
constructed. 


Proof. Consider Code(A). As Code( A) AC is a simple automaton, by The- 
orem 2.4 we can test if there exists a process R F Code(A) AC. Unfold- 
ing the loops of R we can construct a process R’ without loops such that 
R’ E Code(A) AC. Lemma 3.1 gives us a process P such that Code(P) 
is isomorphic to R’, hence Code(P) F Code(A). By Lemma 3.2 we have 
PFE A. This construction works also when we require P to be deterministic. 

Conversely, if P is a (deterministic) process that satisfies A then the 
(deterministic) process Code(P) satisfies Code( A), by Lemma 3.2, and C, 
by Lemma 3.1. Q.E.D. 


4 Quotient for extended automata 


In this section we present an operation that will permit us to reduce synthe- 
sis problems to the satisfiability problems. Consider an extended automaton 
A = (Q, A, qo, ô, Acc) and a process P = (S, A, s°,e) over a common alpha- 
bet A. Our goal is to construct an automaton A/P such that for every 
process R: 


RE A/P ifandonlyif PxREA 

We first define a division a/s for a a formula from F(A,Q), and s a 

state of P. The result is a formula from F(A, Q x S): 
q/s = (4,8) 

(a V b)/s = a/s V p/s (a ^ b)/s = a/s ^A p/s 

((a)a)/s = (a) V {a/s :s 5s} ([ala)/s = [a] A {a/s : s 4 s'} 
Now 

A/P = (Q x 5, A, (9°, 8°), 57: Q x S > F(Q x 8), 9) 

where 6/(q, s) = 6(q)/s; recall that 6(q) € F(Q), so ô(q)/s E€ F(Q x S). 


Theorem 4.1. Let A be an alphabet. For every extended automaton A 
and every process P, both over A, there is an automaton A/P such that 
for every process R over A: 


RE A/P ifandonlyif PxREA 
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Proof. Fix a process R. We examine the games Gx = G(P x R,A) and 
G; = G(R, A/P). We want to show how a move of one of the players in Gx 
from a position of the form ((s,r),a) can be mimicked by, possibly several, 
moves of the same player in Gy from (r,a/s). For example, suppose that a 
position has the form ((s,r), aœ V 3) and that Eve chooses ((s,r), œ). From 
a position (r, (œ V 8)/s)) this move can be mimicked by going to (r,a/s). 
Slightly more complicated is the case of ((s,7), (aja). In this case Eve can 
choose ((s’,r’),a) for s * s’ and r & r’. From (r, ((a)a)/s) this move can 
be mimicked by first choosing (r’,\/{a/s” : s & s’’}) and then (r’,a/s’); 
this is possible as ((a)a)/s = (a) \V{a/s" : s S s}. The cases of aA 8 and 
(ala are dual. 

These observations show that any play in Gx can be mimicked in G,, so 
the same player has a winning strategy from ((s°,r°),q°) in Gx and from 
(r°, (q°, s°)) in Gy. 

Q.E.D. 
5 Solving controller synthesis problems 
Equipped with the operation of division we can reduce the control problem 
to the satisfiability problem. 
5.1 Centralized control 
As we have argued in the introduction, the centralized controller synthesis 
problem can be formulated as: 


For a given process P and two automata A, B over an alphabet A, 
find R such that: 
PxREA and REB 


We denote by Sol( P, A, B) the set of solutions to the problem. The following 
is a direct corollary of Theorem 4.1 


Corollary 5.1. For every process R: 
R € Sol(P, A, B) if and only if RE (A/P) AB. 
This means that solving a synthesis problem amounts to checking empti- 
ness of the automaton (A/P)AB. Theorem 2.1 then states that this problem 


is decidable both for the general, nondeterministic, case as well as for the 
case of deterministic processes. 


5.2 Decentralized control 


The decentralized controller synthesis problem is: 


For a given process P and automata A, B1,..., Bn over an alphabet 
A, find Ri,..., Rn such that: 


PxRix---xX RnFA and R;F B; for alli=1,...,n 
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Thanks to Theorem 4.1 we can take A/P and remove P from the left hand 
side. This shows that we can as well consider the following simpler formu- 
lation of the problem where P is not mentioned. 


For a given automata A, B1,..., Bn over an alphabet A, find Ri,..., Rn 
such that: 


Rı X: X Rr FA and R;F B; for alli=1,...,n 


This last problem was studied in [1, 2] in the case when Rı,..., Rn are re- 
quired to be deterministic. In particular the problem was shown decidable 
when all but one 6; are simple. We shall see later that the same problem 
is undecidable in the nondeterministic case. To better understand the de- 
cidable/undecidable borderline we propose a classification of decentralized 
synthesis problems with respect to restrictions on Rj,..., Ry. 

A pair (pt, st) C {det, nondet} x {simple, full} describes requirements 
on processes and specifications. A choice of a number of components and a 
type for each component determines a distributed control problem: 


DS(n, (pti, sti), sey (Ptn, stn)): 


Given automata A, B,,...,8, such that B; is simple if st; = simple, 
find Ri,..., Rn such that R; is deterministic if pt; = det, satisfying 
Px Ri X- X Rn = A and Ri F B; for alli=1,...,n. 


The following theorem gives a complete classification of these problems 
with respect to decidability. 


Theorem 5.2. The problem DS(A, (pti, sti),..., (ptn, Stn )) is decidable iff 
e There is at most one i such that st; = full. 
e There is at most one j such that pt; = nondet and moreover j F i. 


The proof of this theorem will be given in the two following sections. In 
terms of the decentralized control problem formulated at the beginning of 
the section, we get that the problem is decidable if at most one of $; is not 
simple and at most one Rj is allowed to be nondeterministic (moreover j # 
i). Probably the most important difference with respect to the deterministic 
case considered in [1] is that now P can be nondeterministic. 


6 The decidable sub-case of decentralized control 


We should like to show the right to left implication of Theorem 5.2. The 
solution in the case when all Rı,..., Rn are required to be deterministic 
uses the following extension of the quotient operation: 
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Theorem 6.1 (Arnold-Vincent-Walukiewicz, [1]). For every automaton A 
and every simple automaton B there is an automaton A/B such that for 
every deterministic process P: 


PE A/B iff AR. R deterministic, RF B, and Px RE A 


Here we show existence of a variant of this division operation. The differ- 
ence is that the existentially quantified process R need not be deterministic. 


Theorem 6.2. For every automaton A and every simple automaton $, 
there is an automaton A/naetB such that for every deterministic process P: 


PEA/natB iff AR. RE Band Px REA 


U 


Before giving the proof of this theorem let us show how it can be used 
to prove right to left direction of Theorem 5.2. 

Let us assume that st, = full and pt; = nondet. First, we find 
a deterministic process R, F (A/naetb1/B2.../Bn-1) A Bn. If none ex- 
ists then the problem has no solutions. Otherwise, by Theorem 3.3, we 
can construct required Rn. Equipped with it we can find a determinis- 
tic process Rn—1 F (A/Rn/naetb1/B2... /Bn-2) A Bn-1. This construction 
can be repeated, giving Rn-1..., until we construct a deterministic Rz F 
(A/Rn/Rn—-i/---/R3/nactB1) \ Bo. Once Ro,..., Rn are fixed, we can look 
for, this time nondeterministic, process Ry F (A/Ry/Ry-1/.../R2) A Bi. 
By the above two theorems on division operations, R,,..., Rn is a solu- 
tion to the problem. The theorems also guarantee that all solutions to the 
problem can be obtained this way. 

The rest of this section presents the proof of Theorem 6.2. We want to 
transform the property of a deterministic process P: 


JR. REB and PxREA (1.1) 


to an equivalent formulation that is expressible by an automaton. This will 
be our automaton A/B. 

The first step is to introduce well-typed processes and restrict our prob- 
lem only to this kind of processes. Given a process P over an alphabet 
A, a well-typed process, wt(P), is a process over the alphabet A U P(A) 
that is obtained form P by adding a new state T, and precisely one ac- 
tion from each state as follows: to a state s of P we add a transition to 
T on out? (s) € P(A), where out? (s) is the set of actions possible form s, 
out? (s) = {b : out? (s, b) Æ Ø}. It should be clear that there is an automa- 
ton checking if a processes is of the form wt(P). It is also easy, given an 
automaton C, to construct an automaton C’ such that for all processes P 
over an alphabet A 


wt(P)EC if PEC 
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This means that in the following we can consider only processes of the form 
wt(P). We call these processes well-typed. 

The restriction to well-typed processes is important for the first simpli- 
fication step. We want to find an automaton D such that (1.1) is equivalent 
to 


IR. PxRED (1.2) 


For this we construct an automaton B’ and show that (1.1) is equivalent to 
dR’. Px R'F BAP x R EA. Having this, we can just take B’ A A for 
D. We call a process over AU P(A) typed if every state has precisely one 
transition on a letter from P(A). Compared with well-typed processes, we 
do not put any restriction what a y is. We also define a safe extension of a 
typed process R to be a process obtained form R by adding some states and 
transitions provided that if (s,b,t) is an added transition and s is a state 
from R then t must be an added state and b must not appear in the label of 
the unique action from P(A) possible from s. With these definitions we can 
say what the automation B’ is. We want B’ to accept a process if it is typed, 
and moreover it has a safe extension that is accepted by B. It remains to 
argue that B’ has the desired property. For one direction suppose that we 
have R’ with P x R' E B’ and P x R'E A’. If P x R'E B’ then, by the 
definition of B’, there is a safe extension R of P x R’ that satisfies B. By 
the definition of the safe extension, and the fact that P is well-typed we 
have that P x R! = Px R. So Px RE A. Now consider the opposite 
direction. Take R which is assumed to exists and add to R a state T as 
well as transitions to T from each state of R on every letter from P(A). 
As B does not talk about the actions from P(A) then R’ F B. We have 
P x R' = B’ because P x R’ is typed and R’ is a safe extension of P x R’. 
We also have P x R'E Aas A does not talk about actions from P(A). 

The above argument reduces our task to the problem of expressing by 
an automaton the property (1.2) of well-typed P. First, we shall consider 
a simpler property where the branching of the process R we quantify over 
is bounded by k, i.e. for every s € R and a, |out(s,a)| < k. 


JR. branching(R)<k and Px RED (1.3) 


This formulation will allow us to use the division operation for the de- 
terministic case, i.e, Theorem 6.1. Consider processes over an alphabet 
Af = Ax {1,...,k}. A deterministic process P’ over an alphabet Aj) rep- 
resents a nondeterministic process red(P’) over an alphabet A where each 
action (a,i), for i =1,...,k, is mapped to a. Every nondeterministic pro- 
cess of branching bounded by k can be represented in such a way (in general 
not uniquely). From automaton D it is easy to construct an automaton Dj, 
which accepts a process P’ over Ajg) iff red(P’) is accepted by D. Consider 
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Di,j/tt where tt is an automaton accepting all the processes over Ajj. By 
Theorem 6.1 we have 


P'E Dix /tt iff JR’. P'x R'E Dik; 


Here, all the processes are over Ajj. For a deterministic process P over 
A we can define Py) to be a deterministic process over Aj) where there is 
an edge (b,2), for i = 1,...,k, between two nodes iff in P there is an edge 
b between them. For an automaton D’ over Aj) is easy to construct an 
automaton red(D’) such that for all deterministic processes P over A 


PE red(D’) iff Pik) z D' 


With this we get 


PHE red (Dik /tt) iff Pir = Dixy /tt iff AR’. Pry x R'E Dik] 


where R’ and Py) are over the alphabet Aj). By definition, the last formula 
is equivalent to 4R’.red(Py) x R') = D. As P is deterministic red( Py) x 
R’) = P x red(R’). It is easy to see that (1.3) is equivalent to JR’. P x 
red(R’) E D and in consequence to P E red(Dj,j/tt). So, for A/nactB we 
could take red(Dj,)/tt) if only we could find a bound on k. 

We are left to show that we can bound the branching in our prob- 
lem (1.2), so that we can fix k. The following proposition gives the desired 
bound. 


Lemma 6.3. Let P be a deterministic process and let A be an automaton 
with parity acceptance conditions. If there is (possibly nondeterministic) 
process R such that: 

PxREA 


then there is R’ with the same property which has the branching degree 
| Al|A] 


Proof. Take R such that P x RF A. Then Eve has a positional winning 
strategy (cf. Theorem 2.1) in the game G(P x R,A). This strategy is a 
function o : (Px R)x Fé — (Px R)x F^ which to pairs of the form (s,aV3) 
assigns either (s, a) or (s, 3); and to pairs of the form (s, (b)q@) assigns a pair 
(s’,a) for some s’ € outpxr(s,b). This function has the property that all 
the plays respecting suggestions of this function are winning for Eve. 

Take some state s of P x R. Let us(s,b), the set of useful successors, be 
the set of all successors t of s such that (t, œ) = o(s, (b)a@) for some formula 
(bja. Because the number of formulas of this kind is bounded by the size 
of A, so is the size of us(s, b). 

The intention is that we should like to prune P x R so that on ac- 
tion b from s only edges to us(s,b) remain. This may not be correct 
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as the following example shows. Suppose that us(s,b) = us(s,c), while 
out px r(s,b) 4 outpxr(s,c). Now, the result of ||». test will be different 
in P x R and in the pruned structure. Hence, it may happen that A does 
not accept the pruned structure. 

In order to avoid the problem mentioned in the above paragraph we 
extend us(s,b) to us’(s,b). For every state s and action b, let us’(s,b) be a 
set satisfying the following. 


e us(s,b) C us’(s, b). 


e if sO, then s € us'(s, b). 


e if s F © then either us’(s,b’) = Ø, or s’ € us'(s,b') for some s’ Æ s 
and s’ € outpxr(s, b). 


e if s Fl, then us’(s,b) = us’(s,c). 


e if s F Ilpo and outpyp(s,b) Z outpxr(s,c) then s’ € us'(s,b) for 
some arbitrary chosen s’ € outpxr(s,b) — out px R(s, ©). 


It is easy to see that us’(s,b) can be chosen in such a way that it is at most 
|A|-times bigger than us(s, b). 

Now take P x R and delete all edges (s,b,t) such that t ¢ us'(s,b). 
Let us call the resulting process R’. In R’, strategy o is still a winning 
strategy because we have only limited choices for Adam. Hence, Eve wins 
in G(R’, A), and in consequence R’ = A. We have that P x R'E A, as 
Px R' = R’, since P is deterministic. By construction, the branching of R’ 
is bounded by the maximal possible size of us’(s,b) which is |A||A]. 

Q.E.D. 


Remark 6.4. If the restriction of determinism of P is dropped than the 
division A/naetB does not exist even when A and B are simple. For example, 
take A which says that all maximal paths are of the form a*b, and if a 
state has an successor on action a then it does not have one on action b. 
Consider A/naetA. Condition P F A/naetA means that there is R such 
that Px RE A and RF A. If P had two paths atb and afb of different 
length then in P x R we would have a path that does not finish with b. 
This implies that P F A/naetA iff there is k such that all the paths in P 
have the form a*b. So the set of processes satisfying A/naetA is not regular. 
Observe that in this argument it did not matter whether we restrict to R 
being deterministic or not. 


Remark 6.5. Even when restricting to deterministic processes, automaton 
A/B may not exist if B is not simple. In [1] it is shown that decentralized 
control problem is undecidable for n = 2 if both 6; and Bz are automata 
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with ©, constraints. In [2] undecidability is shown when both automata 
used |ļa p constraints, or when one uses ©, constrains and the other ||a» 
constraints. 


7 Undecidable cases of decentralized control 
In this subsection we show left to right direction of Theorem 5.2. It will be 
enough to study the version of the control problem for two processes: 


(ABC) Given automata A, B and C over the same action alphabet A, 
do there exist, possibly nondeterministic, processes P, R such that 


PEA, REB and Px REC. 


First, we shall show that the problem is undecidable even when A, B and 
C are simple automata. This will give the proof of Theorem 5.2 for the case 
when there are at least two processes that can be nondeterministic. Next, 
we shall consider the case when at most one of the processes can be non- 
deterministic. We shall show that the above problem is undecidable when 
only R can be nondeterministic, and when B can use either © constraints or 
{| constrains. This not only will imply the remaining part of Theorem 5.2, 
but will also show that restricting our automata uniquely to © constraints 
or to || constraints does not change the decidability classification. 

Before showing these results we should like to introduce a syntactic 
extension of our setting which will make the presentation easier. We shall 
suppose that we have propositional letters labelling states of processes. So 
each process comes not only with an alphabet of actions but also with an 
alphabet A of propositions: 


P= (A,A;S8,s°,e CS x Ax S, A: S SA) 


Automata are also extended to reflect this, so the transition function can 
test what is a label of the current state: 


A =(Q,4,4A,¢°,6:Qx A— F(A, Q), Acc C Q”) 


There are many possible definitions of a product of two processes with 
state labels. Here we choose the one that will suit our needs. Given two 
processes over the same action alphabet, but possibly different proposition 
alphabets: 


P= (A, Ap, Sp, sb, ep, AP) R= (A, Ar, SR, Sh, €R, AR) 
we define their product as: 


POE R= (A, Ap x Ar, Sp x Spr, (sb, 85%), eg, ào) 
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where Ag(sp, sr) = (Ap(Sp),AR(SR)) and, as before, ((sp, SR), a, (5'p, 5‘p)) 
E eg iff (sp,a, sp) € ep and (sR, 4a, 5'p) € er. 

It is quite straightforward to see how to simulate propositional letters 
by actions. One can add propositional letters to the action alphabet and 
require that from each state there is a transition on exactly one propositional 
letter; the target of this transitions is of no importance. 

The problem with this coding is that the standard product does not 
reflect our ®@-product. In order to recover the ®-product, we first make 
the alphabets Ap and Ap disjoint. Let P, R denote respective plants with 
encoding of propositions as described above. We add to every state of P an 
action on every letter from Apr and to every state of R an action on every 
letter of Ap. This way we have that P x Ris the encoding of P ® R: from 
every state of P x R we have a successor on exactly one letter from Ap and 
on one letter from Ap. 

After these remarks it should be clear that instead of the problem (ABC) 
we can consider the problem (ABCg) where the processes are allowed to 
have propositions and ® is used in place of ordinary product. 


(ABCg) Given automata A, B and C over the same action alphabet 
A, and over proposition alphabets Aq, Ap and Aa x Ay» respectively, 
do there exist processes P, R such that 


PEA, REB and PREC. 


Thus, the following proposition implies the undecidability of the prob- 
lem (ABC). 


Proposition 7.1. The problem (ABC@) is undecidable. 


Proof. We shall present a reduction of the halting problem. Let us fix a 
deterministic Turing machine together with an alphabet [ needed to en- 
code its configurations. We write c F c’ to say that a configuration c’ is 
a successor of a configuration c. Without a loss of generality we assume 
that the machine loops from the accepting configuration. We shall use just 
one action letter, so we shall not mention it in the description below. The 
alphabet of propositions will contain [ and special symbols: l and #. The 
nodes labelled by / will be called /-nodes; similarly for #-nodes, and y-nodes 
for y € I. We shall say that a node is a T’-node, if it is a y-node for some 
y. We shall also talk about an /-successor of a node, this a successor that is 
an l-node. Finally, when we shall say that there is a path 71 . . . Yn in a pro- 
cess, this would mean that there is a sequence of nodes, that is a path, and 
such that the propositional letters associated to nodes form the sequence 
Y1 +++ Yn- 

We want to construct A, B and C so that the problem (ABCg) has a 
solution iff the machine accepts when started from the empty tape. Consider 
the following three conditions that will be used for specifications A and B: 


46 A. Arnold and I. Walukiewicz 


xı 
a V1 A 
~ P VN. 
; 7 Tse 42 es 
ie at #° 
PG Fas 
È Ya ye 
Aa 
yw 


FIGURE 1. Intended shape of a process satisfying AB1, AB2, AB3. 


AB1 Every /-node has an /-successor and a [-successor. Every T’-node has 
either only [-nodes or only #-nodes as successors. 


AB2 From every [-node, every path reaches a #-node. 
AB3 Every #-node has only #-nodes as successors. 


The intended shape of a process satisfying these conditions is presented 
in Figure 1. These conditions do not imply that the shape is exactly as 
presented in the figure. For example, they do not guarantee that there is 
only one infinite path labelled with J. 

The constraints on the product of two processes are listed below. They 
are formulated in terms of the product alphabet. 


C1 Every (l, !)-node has an (l, !)-successor and an (y, y)-successor for some 
y ET. Moreover all its successors are labelled either by (l,l), (1,7), 


(y,) or (7,7). 


C2 Every maximal path starting with (LD (y, y) has a form 
(L D'ATE, #)° where A = {(7,7): 7 ET}. 


C3 Every maximal path that starts with (J, Di (y1, 1) (q2, 71) for some 71, 72, 
yı E T has the form: (l, 1)* (y1, D) (92; 1) -+ - (Ves Ve-1)(# Ye) (Æ, #)”- 
Moreover 71 . . . Yk F Y4 -Yp Or the two are identical if y1 . . . Yk is an 
accepting configuration. 


C4 For every path labelled (l, 1) (y1, Y2). -- (Yk, 7K) (#4; #)”, the sequence 
Yı -. -Yk represents the initial configuration for the Turing machine. 
An accepting state of the machine appears in the tree. 
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Let C be the automaton expressing the conjunction of the conditions 
C1-C4. We claim that with this choice of automata the problem (ABC@) 
has a solution iff the Turing machine halts on the initial configuration. 

We first consider an easy direction. Suppose that the Turing machine 
halts on the initial configuration. Then we construct P and R as in the 
Figure 1, where for every i the sequence of T letters after l’ is the i-th con- 
figuration of the machine (we assume that all configurations are represented 
by words of the same length). This way P and R satisfy conditions AB1-3. 
It is straightforward to verify that P & R satisfies the conditions C1-C4. 

For the other direction, suppose that P and R are as required. We 
shall show that the machine has an accepting computation from the initial 
configuration. 

First, we show that the conditions we have imposed limit very much 
possible nondeterminism in P and R. Take any n and a path labelled 
l” -Yk Æ” in P as well as a path labelled I"y,...7j,,#° in R. These 
paths exist by conditions AB1-AB3. In P x R these two paths give a path 
that starts with (l, 1)” (71,71). The condition AB1 implies that yı = %4. 
Consequently, the condition AB2 implies that kn = Mn and q; = ¥; for all 
i= 1,..., kn. This allows us to define un = 71 . . . Yk,- To summarize, in P 
all paths of the form /”'+#” have the same labels: ["u,#”. Similarly for 
paths in R. 

It remains to show that un is the n-th configuration of the computation 
of the Turing machine. By condition A3, we know that wu, is the initial 
configuration. Consider now a path in P ® R labelled with 


(LD (15 2) (yas V1) «+ (Yes Yea) Ved) HS A)” 


This path exists as it is a product of a path in P starting with /”y,; anda 
path in R starting with ["*1+,. We have that un = J1... Yk and Un+ı = 
Yi --- Yp- By the condition A2 we get un F Un+1- Q.E.D. 


This finishes the case of Theorem 5.2 when at least two processes can 
be nondeterministic. It remains to consider the case when only one of the 
processes, say R can be nondeterministic, and when specification B of R is 
not simple. We shall show that in this case the problem is undecidable even 
if B uses uniquely || constraints, or uniquely © constraints. Recall that the 
problem is decidable if $ is simple, i.e. uses neither || nor ©. 


Proposition 7.2. The problem (ABC@) is undecidable if P is required to 
be deterministic but R may be nondeterministic and moreover a specifica- 
tion for R may use constraints ||. 


The reduction is very similar to the previous one. We just need to replace 
nondeterminism with appropriate use of ||. This time our processes will be 
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FIGURE 2. || constraints. Intended shapes of P and R. 


over the alphabet of two actions {a,b}. The intended shapes of processes 
P and R are shown in the Figure 2. 

The shape of P is almost the same as in the previous construction, 
but as P needs to be deterministic, some a transitions have to be changed 
to b transitions. Process R has almost the same structure as P but it is 
nondeterministic, and each a transition has a b transition in parallel. 

Looking at P @ R we get almost exactly the same structure as in the 
case of nondeterministic processes. The fact that process P is deterministic 
and that the two transitions from an l-node of P have different actions is 
compensated by the fact that a and b transitions have the same targets in 
R. 

The formalization of the constraints and the proof of the proposition is 
almost the same as in case of Proposition 7.1. The following proposition 
treats the remaining case of © constraints. 


Proposition 7.3. The problem (ABCe) is undecidable when P is required 
to be deterministic but R may be nondeterministic and moreover a specifi- 
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cation for R may use looping constraints ©. 


Proof. Consider an instance of the Post correspondence problem: 


{(u1, U1), ER. (uk, vk) }; 


where all u;, v; are words over an alphabet ©. Let D = {1,...,k} stand for 
the alphabet of indices. As an alphabet of actions we take A = XU DU 
{a1, a2, 3,#}, with an assumption that the last four actions do not appear 
in XU D. 


The specification A for P will require that 


A1 Every state, except the root, has only one successor. The root has 
successors on Qı and Qz. 


A2 There is a maximal path of the form a1fi1uj;,...imus,,7 for some 
i1,... İm E D. 


A3 There is a maximal path of the form a2(91U;,...jmUj,3 for some 
Jis- -Jm € D. 

Observe that together with requirement that P is deterministic, the first 
condition implies that P has exactly two maximal paths. The shape of P 
is presented in Figure 3. 


The specification 6 for R will require that: 
B1 The root has loops on actions a; and a2 and some transitions on /. 


B2 There is a path from the root of the form GX*#. Every node on this 
path except the root has loops on all actions from D and has a suc- 
cessor on at most one action from E U {#}. 


B3 There is a path from the root of the form @D*#. This time every node 
except the root has loops on actions from © and a successor on at 
most one action from D U {#}. 


The intended shape of a process satisfying $ is presented in Figure 3. Ob- 
serve that we cannot force this process to be deterministic. 

The specification C for P x R will require that all the paths are finite 
and that the last action on every path is #. 

We claim that with this choice of A, B, and C, the problem (ABC) has a 
solution iff the instance of the Post correspondence problem has a solution. 

For the right-to-left direction, take a solution 71,..., 7% to the correspon- 
dence problem. We construct P that has two paths: a1 birui ...tmUi,,# 
and a2/%10;, ..-4mi,,#- As R we take a process as depicted in Figure 3 
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where the path satisfying condition B2 has the form Bu; ...ui,,#, and the 
path satisfying B3 is Bi, ...im#. It is easy to see that P x R satisfies A. 
For the direction from left to right suppose that P and R are a solution 
to the problem. Consider a path of R labelled GX*# satisfying B2 and 
the path ai birui ...imui,, Æ of P as required by the condition A2. Recall 
that there are loops on a; and a2 in the root of R. This means that 
the two paths synchronize, at least at the beginning. The only way that 
the synchronization can continue until # is that uj, ...ui,, is exactly the 
labelling of the path in R. We can use the same argument for the path 
Q2391V;, -..JmVj, 7 and in consequence we get Ui.. -Uim = Uj, ---V;,- Tf 
we now repeat this argument once again but with a path of R labelled with 
BD*+# as required by condition B3 then we shall get that i1 ... îm = 1... Jn- 
This finishes the proof. Q.E.D. 


We can now summarize how the three propositions of this subsection can 
be used to show left to right implication of Theorem 5.2. If two of the pro- 
cesses F; are allowed to be nondeterministic then the undecidability follows 
from Proposition 7.1. The case when there are two automata that are not 
simple but all processes are deterministic was proven in [1] for © constraints 
and in [2] for || constraints, and a mix of © and || constraints. If a spec- 
ification can use either © or || constraints and the corresponding process 
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can be nondeterministic then undecidability follows from Propositions 7.2 
and 7.3, respectively. 


8 Conclusions 


In this paper we have studied the controller synthesis problem for nondeter- 
ministic plants and controllers. We have seen that going from deterministic 
to nondeterministic plants does not change the complexity of the problem. 
Allowing nondeterministic controllers is more delicate. It can be done in 
centralized case, but in the decentralized case at most one controller can be 
nondeterministic, moreover it should be able to observe all actions of the 
plant. 

Let us briefly comment on the complexity of the constructions presented 
here. The operation of division by a process gives an exponential blow-up. 
It is unavoidable for the same reason as in a translation from alternating 
to nondeterministic automaton. The complexity of the construction for 
division by automaton is also exponential. 

Given the results above one can ask whether they also apply to the 
setting of architectures of Pnueli and Rosner [12]. It is quite simple to 
encode this latter setting into our setting using unobservable actions. Thus 
all decidability results in our setting transfer to architecture setting. As for 
undecidability results, one can show by methods very similar to those used 
in this paper that even two element pipeline becomes undecidable when 
specifications for controllers are allowed to be nondeterministic. 
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Abstract 

Continuous-time Markov decision processes (CTMDPs) are widely 
used for the control of queueing systems, epidemic and manufacturing 
processes. Various results on optimal schedulers for discounted and 
average reward optimality criteria in CTMDPs are known, but the 
typical game-theoretic winning objectives have received scant atten- 
tion so far. This paper studies various sorts of reachability objectives 
for CTMDPs. The central result is that for any CTMDP, reward 
reachability objectives are dual to timed ones. 


1 Introduction 


Having their roots in economics, Markov decision processes (MDPs, for 
short) in computer science are used in application areas such as randomised 
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distributed algorithms and security protocols. The discrete probabilities are 
used to model random phenomena in such algorithms, like flipping a coin 
or choosing an identity from a fixed range according to a uniform distribu- 
tion, whereas the nondeterminism in MDPs is used to specify unknown or 
underspecified behaviour, e.g., concurrency (interleaving) or the unknown 
malicious behavior of an attacker. 

MDPs—also considered as turn-based 15-player stochastic games— 
consist of decision epochs, states, actions, and transition probabilities. On 
entering a state, an action, a, say, is nondeterministically selected and the 
next state is determined randomly by a probability distribution that de- 
pends on a. Actions may incur a reward, interpreted as gain, or dually, 
as cost. Schedulers or strategies prescribe which actions to choose in a 
state. One of the simplest schedulers, the so-called memoryless ones, base 
their decision solely on the current state and not on the further history. A 
plethora of results for MDPs are known that mainly focus on finding an 
optimal scheduler for a certain objective, see e.g. [8]. For, e.g., reachabil- 
ity objectives—find a scheduler, possibly the simplest one, that maximises 
the probability to reach a set of states— memoryless schedulers suffice and 
can be determined in polynomial time. For step-bounded reachability ob- 
jectives, finite memory schedulers are sufficient. These schedulers perform 
the selection process on the basis of a finite piece of information, typically 
encoded as a finite-state automaton that runs in parallel to the MDP at 
hand. 

This paper considers turn-based 14-player stochastically timed games, 
also known as continuous-time Markov decision processes (CTMDPs) [8]. 
They behave as MDPs but in addition their timing behaviour is random. 
The probability to stay at most t time units in a state is determined by a 
negative exponential distribution of which the rate depends on a. A reward 
is obtained which is linearly dependent on the time t spent in state s, as 
well as on a factor 0(s, a), the state- and action-dependent reward rate. In 
contrast to MDPs, CTMDPs have received far less attention; a reason for 
this might be the increased complexity when moving to continuous time. 
This paper studies reachability objectives for CTMDPs, in particular time- 
bounded reachability—what is the optimal policy to reach a set of states 
within a certain deadline—reward-bounded reachability, and their combi- 
nation. We survey the results in this field, and show that reward-bounded 
and time-bounded reachability are interchangeable. 

The presented reachability objectives are for instance relevant for job- 
shop scheduling problems where individual jobs have a random exponential 
duration, see e.g., [5]. The problem of finding a schedule for a fixed number 
of such (preemptable) jobs on a given set of identical machines such that the 
probability to meet a given deadline is maximised, is, in fact, an instance 


Reachability in continuous-time Markov reward decision processes 55 


of timed reachability on CTMDPs. Optimal memoryless strategies exist for 
minimising the sum of the job completion times, but, as is shown, this is 
not the case for maximising the probability to reach the deadline. The same 
applies for maximising the probability to complete all jobs within a fixed 
cost. 

This paper is further structured as follows. Section 2 rehearses the 
necessary background in the area of Markov decision processes, schedulers, 
stochastic processes, and reachability objectives. Section 3 then recalls the 
logic CSRL and discusses its semantics for continuous-time Markov reward 
decision processes. Section 4 then discusses a number of new results on 
the duality of the roles of time and reward in such processes. Section 5 
concludes the paper. 


2 Preliminaries 
2.1 Markov decision processes 


Let AP be a fixed set of atomic propositions. 


Definition 2.1 (CTMDP). A continuous-time Markov decision process 
(CTMDP) M is a tuple (S, Act, R, L) with S, a countable set of states, 
Act, a set of actions, R : S x Act x S — Ryo, the rate function such that 
for each s € S there exists a pair (a, s’) E€ Act x S with R(s,a,s’) > 0, and 
labeling function L : S — 24”, 


The set of actions that are enabled in state s is denoted Act(s) = {a € 
Act | ds’. R(s, a, s’) > 0}. The above condition thus requires each state to 
have at least one outgoing transition. Note that this condition can easily 
be fulfilled by adding self-loops. 

The operational behavior of a CTMDP is as follows. On entering state s, 
an action a, say, in Act(s) is nondeterministically selected. Let R(s, a, B) 
denote the total rate from state s to some state in B, i.e., 


R(s, a, B) = > Ris, a,5/). 


s/EB 


Given that action œ has been chosen, the probability that the transition 
s—% s' can be triggered within the next t time units is 1 — e-R(~s Yt, 
The delay of transition s—*> s’ is thus governed by a negative evned 
distribution with rate R(s,a, s’). If multiple outgoing transitions exist for 
the chosen action, they compete according to their exponentially distributed 
delays. For B C S, let E(s,a) = R(s,a, S) denote the exit rate of state 
s under action a. If E(s,a) > 0, the probability to move from s to s’ 
via action a within ¢ time units, i.e., the probability that s ——> s’ wins the 


56 C. Baier, B. R. Haverkort, H. Hermanns, J.-P. Katoen 


competition among all outgoing a-transitions of s is: 


R(s, a, s’) = j 
SaS) (4 _ Blea) 
E(s, a) (= )? 


where the first factor describes the discrete probability to take transition 
s —*> s' and the second factor reflects the sojourn time in state s given that 
s is left via action a. Note that the sojourn time is distributed negative 
exponentially with rate equal to the sum of the rates of the outgoing a- 
transitions of state s. This is conform the minimum property of exponential 
distributions. 

A CTMC (a continuous-time Markov chain) is a CTMDP in which for 
each state s, Act(s) is a singleton. In this case, the selection of actions is 
purely deterministic, and R can be projected on an (S x S) matrix, known 
as the transition rate matrix. 


Definition 2.2 (MDP). A (discrete-time) Markov decision process (MDP) 
M is a tuple (S, Act, P, L) with S, Act, and L as before and P : S x Act x 
S — [0,1], a probability function such that for each pair (s, a): 


P(s,a,s’) € {0,1}. 


s'ES 


A DTMC (a discrete-time Markov chain) is an MDP in which for each 
state s, Act(s) is a singleton. In this case, P can be projected on an (S x S) 
matrix, known as the transition probability matrix of a DIMC. 


Definition 2.3 (Embedded MDP of a CTMDP). For CTMDP M = 
(S$, Act, R, L), the discrete probability of selecting transition s > s’ is de- 
termined by the embedded MDP, denoted emb(M) = (S, Act, P, L), with: 


R(s,a,s’) . 
Pilsa j = “Es, a)” if E(s,a) > 0, 
0, otherwise. 


P(s, a, s’) is the time-abstract probability for the a-transition from s to 
s’ on selecting action a. For B C S let P(s,a, B) = X yep P(s,a,8’). 


Definition 2.4 (Path ina CTMDP). An infinite path in a CTMDP M = 
(S, Act, R, L) is a sequence so, a0, to, $1, @1, t1, $2, @2,t2,... in (S x Act x 
Rso)”, written as: 


at t ait 
So 0,40 sı Q&1ı,t1 S2 2 ,t2 


Any finite prefix of ø that ends in a state is a finite path in M. Let 
Paths(M) denote the set of infinite paths in M. 
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Let o = so <n s; S141, g, Ont, ... € Paths(M). The time-ab- 
stract path of ø is sọ “% sı s2 => ..., the corresponding action- 
abstract path is: so fo, 5, 1 5, 2 .. ., and the time- and action-abstract 
path is the state sequence so, 51, 82,.... Let first(a7) denote the first state of 
o. For finite path ø, last(7) denotes the last state of ø, and a — s denotes 
the finite time- and action-abstract path ø followed by state s. For i € N, 
let oļi] = s; denote the (i+1)-st state of o. o@t denotes the state occupied 
at time instant t € Ryo, i.e., At = o[k] where k is the smallest index such 


that Sot >t. 


Definition 2.5 (CMRDP). A continuous-time Markov reward decision pro- 
cess (CMRDP) is a pair (M, o) with M a CTMDP with state space S and 
0: S x Act > R>o a reward function. 


CMRDPs are often called CTMDPs in the literature [8]. The state 
reward function o assigns to each state s € S and action a € Act a reward 
rate o(s,a). Under the condition that action a has been selected in state s, a 
reward 0(s, «)-t is acquired after residing t time units in state s. Recall that t 
is governed by an exponential distribution with rate E(s, a), i.e., t randomly 
depends on action a. A path through a CMRDP is a path through its 
underlying CTMDP. For timed path o = sp <+% 5, <H, 5, O22, ... 
and t = Jig ti +t with U < tp let: 


k—1 


y(o,t) = X` trolsi, ai) +t-0lSk, On) 
i=0 


the accumulated reward along ø up to time t. An MRM (Markov reward 
model) is a CTMC equipped with a reward function. As an MRM is action- 
deterministic, ọ may be viewed as a function of the type S — R>o. 


2.2 Schedulers 


CMRDPs incorporate nondeterministic decisions, not present in CTMCs. 
Nondeterminism in a CTMDP is resolved by a scheduler. In the litera- 
ture, schedulers are sometimes also referred to as adversaries, policies, or 
strategies. For deciding which of the next nondeterministic actions to take, 
a scheduler may “have access” to the current state only or to the path 
from the initial to the current state (either with or without timing infor- 
mation). Schedulers may select the next action either (i) deterministically, 
i.e., depending on the available information, the next action is chosen in 
a deterministic way, or (ii) in a randomized fashion, i.e., depending on 
the available information the next action is chosen probabilistically. Ac- 
cordingly, the following classes of schedulers D are distinguished [8], where 
Distr(Act) denotes the collection of all probability distributions on Act: 
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e stationary Markovian deterministic (SMD), D : S — Act such that 
D(s) € Act(s) 


e stationary Markovian randomized (SMR), D : S — Distr(Act) such 
that D(s)(a) >0 implies a € Act(s) 


e Markovian deterministic (MD, also called step-dependent schedulers), 
D: S x N = Act such that D(s,n) € Act(s) 


e Markovian randomized (MR), D : S x IN —> Distr(Act) such that 
D(s,n)(@) > 0 implies a € Act(s) 


e (time-abstract) history-dependent, deterministic (HD), D: (S x Act)* 
x S — Act such that 


D( 89 <> sı => ... = sn) € Act(Sn) 
N_e 
time-abstract history 


e (time-abstract) history-dependent, randomized (HR), D : (Sx Act)* x 
S — Distr(Act) such that D(so > sı > ... “*=*++,8n)(a) > 0 
implies a € Act(s,). 


All these schedulers are time-abstract and cannot base their decisions on 
the sojourn times. Timed (measurable) schedulers [9, 7] are not considered 
in this paper. Finally, let X denote the class of all X-schedulers over a fixed 
CTMDP M.! 

Note that for any HD-scheduler, the actions can be dropped from the 
history, i.e., HD-schedulers may be considered as functions D : St — 
Act, as for any sequence so, 51,.--,S, the relevant actions a; are given 
by a; = D(s0, $1,---,8:), and, hence, the scheduled action sequence can be 
constructed from prefixes of the path at hand. Any state-action sequence 
So <> sı < n-i, sp where a; # D(so,81,.--,8;) for some i, does 
not describe a path fragment that can be obtained om D. 

The scheduler-types form a hierarchy, e.g., any SMD-scheduler can be 
viewed as an MD-scheduler (by ignoring parameter n) which, in turn, can be 
viewed as an HD-scheduler (by ignoring everything from the history except 
its length). A similar hierarchy exists between SMR, MR, and HR sched- 
ulers. Moreover, deterministic schedulers can be regarded as trivial versions 
of their corresponding randomized counterparts that assign probability one 
to the actions selected. 


1 Strictly speaking, we should write X (M) but M is omitted as it should be clear from 
the context. 
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2.3 Induced stochastic process 


Given a scheduler D (of arbitrary type listed above) and a starting state, D 
induces a stochastic process on a CTMDP M. For deterministic schedulers 
(HD, MD, and SMD), the induced process is a CTMC, referred to as Mp 
in the sequel. For MD- and HD-schedulers, though, the state space of M p 
will in general be infinitely large (but countable). 


Definition 2.6 (Induced CTMC of a CTMDP). Let M = (S, Act, R, L) 
be a CTMDP and D : S*+ — Act an HD-scheduler on M. The CTMC 
Mp = (S*,Rp,L’) with: 


Rilast(c), D(o), s), if o' = 0 8, 
0, otherwise, 


Rp(o,o') = { 


and L'(o) = L(last(c)). 
The embedded DTMC emb(M p) is a tuple (S*, Pp, L) where: 


Rp(g, a’) : 
Pp(a,o’) = Ep(o) ’ if Ep(0) > 0, 
0, otherwise. 


Here, Ep(c) = Rp(a,$*), i.e., the exit rate of o in Mp. States in CTMC 
Mp can be seen as state sequences so Sq ee ee | Sn COT- 
responding to time- and action-abstract path fragments in the CTMDP 
M. State s, stands for the current state in the CTMDP whereas states 
So through sn—1ı describe the history. Intuitively, the stochastic process in- 
duced by an HD-scheduler D on the CTMDP M results from unfolding M 
into an (infinite) tree while resolving the nondeterministic choices according 
to D. For SMD-schedulers, the induced CTMC is guaranteed to be finite. 
More precisely, for SMD-scheduler D, Mp can be viewed as a CTMC with 
the original state space S, as all sequences that end in s, say, are lumping 
equivalent [6]. 

In contrast to a CTMDP (or MDP), a CTMC (or DTMC) is a fully 
determined stochastic process. For a given initial state sọ in CTMC M, 
a unique probability measure Prs, on Paths(so) exists, where Paths(so) 
denotes the set of timed paths that start in sọ. Timed paths through a 
CTMC are defined as for CTMDPs, but by nature are action-abstract. The 
inductive construction of the probability measure below follows [2], the fact 
that we allow countable-state Markov chains does not alter the construc- 
tion. Let P be the probability matrix of the embedded DTMC of M and 


let Cyl(sp 42 --- ey sk) denote the cylinder set consisting of all timed 


paths ø that start in state so such that s; (i < k) is the (i+1)th state on 
o and the time spent in s; lies in the non-empty interval I; (i < k) in Ryo. 
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The cylinder sets induce the probability measure Prs, on the timed paths 
through M, defined by induction on k by Prs, (Cyl(so)) = 1, and, for k > 0: 


Prao (Cyl(s0 Æ> --» 4 sp os!) = 


Prea (Cyl(so Æ> +++ == s54)): Plan, 3") - (e~Flen)-@ — eE) b), 


where a = inf J’ and b = sup I’. 


2.4 Reachability objectives 


For CTMDP M with state space S and B C S, we consider the maximum 
(or, dually, minimum) probability to reach B under a given class of sched- 
ulers. Let ©B denote the event to eventually reach some state in B, OS' B 
the same event with the extra condition that B is reached within t time 
units, and O<, B the event that B is eventually reached within accumu- 
lated reward r. The event oS .B asserts that B is reached within t time 
units and accumulated reward at most r. Note that the accumulated reward 
gained depends on the sojourn times in states, hence the bounds t and r are 
not independent. It is not difficult to assess that these events are measur- 
able for the time-abstract schedulers considered here. A detailed proof of 
the measurability of ©St B for measurable timed schedulers (a richer class 
of schedulers) can be found in [7]. The probability for such an event ọ to 
hold in state s of M is denoted Pr(s H y), i.e., 


Pr(s Fy) = Prs{o € Paths(M) |o H vp}. 


The maximal probability to reach a state in B under a HR-scheduler is 
given by: 
Prir (s = OB) = sup Pr(s FE OB). 
DEHR 


In a similar way, Prie (s = OB) = inf penr Pr(s K OB). 

The following result follows immediately from the fact that for event 
©B it suffices to consider the embedded MDP of a given CTMDP, and the 
fact that memoryless schedulers for finite MDPs exist that maximize the 
reachability probability for B. Such memoryless schedulers are obtained in 
polynomial time by solving a linear optimization problem. A similar result 
holds for minimal probabilities and for events of the form ©S"B, i.e., the 
event that B is reached within n € N steps (i.e., transitions). Note that the 
event ©S* B requires a state in B to be reached within ¢ time units (using 
an arbitrary number of transitions), while OS" B requires B to be reached 
in n discrete steps, regardless of the time spent to reach B. 


Lemma 2.7 (Optimal SMD schedulers for reachability). Let M be a finite 
CTMDP with state space S and B C S. There exists an SMD scheduler D 
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such that for any s € S: 


Pr?(s KE OB) = Pr@*(s E OB). 


2.5 Time- and cost-bounded reachability 
Consider the following class of CTMDPs: 


Definition 2.8 (Uniform CTMDP). A CTMDP (5S, Act, R, L) is uniform 
if for some E > 0 it holds E(s,a) = E for any state s € S and a € Act(s). 


Stated in words, in a uniform CTMDP the exit rates for all states and 
all enabled actions are equal. It follows from [3]: 


Theorem 2.9 (Optimal MD schedulers for timed reachability). Let M be 
a finite uniform CTMDP with state space S, t € R>o and B C S. There 
exists an MD scheduler D such that for any s € S: 


Pr? (s = O“ B) = Prig (s E OSB), 


An ¢-approximation of such scheduler, i.e., a scheduler that obtains 
Pr?” (s = ©S*B) up to an accuracy of €, can be obtained in polynomial time 
by a greedy backward reachability algorithm as presented in [3]. A similar 
result can be obtained for minimal time-bounded reachability probabilities 
by selecting a transition with smallest, rather than largest, probability in 
the greedy algorithm. 

The following example shows that memoryless schedulers for maximal 
time-bounded reachability probabilities may not exist. 


Example 2.10 (Optimal SMD schedulers may not exist). Consider the 
following uniform CTMDP: 


| i 
B 
Ally. 
1 
CR 


Action labels and rates are indicated at each edge. Let B = { s2}, and 
consider the SMD-schedulers, Da, selecting action a in state so, and Dg, 
selecting action 3. Comparing them with Dga, i.e., the scheduler that after 
selecting 8 once switches to selecting a in state sg, we find that for a certain 
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range of time bounds t, Dga outperforms both Dg and Da. Intuitively, the 
probability of stuttering in state so (by choosing ( initially) may influence 
the remaining time to reach B to an extent that it becomes profitable to 
continue choosing a. For t = 0.5, for instance, Prp,,, (so, OS™ B) = 0.4152, 
whereas for Da and Dg these probabilities are 0.3935 and 0.3996, respec- 
tively. 


The following result is of importance later and is based on a result in 
[3]. Informally, it states that maximal (and minimal) probabilities for timed 
reachabilities in CTMDPs under deterministic and randomised HD sched- 
ulers coincide. As this result holds for arbitrary CTMDPs, there is no need 
to restrict to uniform ones here. 


Theorem 2.11 (Maximal probabilities are invariant under randomization). 
For CMRDP M with state space S, s E€ S and B C S, it holds for any 
r,t € Rsp U{ oo}: 


SUP DEHD Pr” (s F OSB) = suppeur Pr” (s = O“ B) 

SUP peHD Pr” (s H Og, B) = SUPDEHR Pr?” (s H <r B) 
Pr” (s ESS B) = Pr?” (s H OS! B 

suPpenp Pr (s H <r ) = suūppemr Pr (s E <r ). 


Analogous results hold for minimal probabilities for the events OS'B, O<,B, 
and OS} B. 


Proof. For any HD-scheduler D for the CTMDP M it holds: 


Pr?(s K OS B) = lim Pr?(s H O<*<" B) 


n— oo 


where the superscript < n denotes that B has to be reached within at most 
n transitions. Similarly, we have: 


Pr” (s H Oe, B) = lim Pr” (s H OS" B). 


n— Co = 


By induction on n, it can be shown (cf. [3, Theorem 7]) that there is a 
finite family (D;)iez,, (with Jn an index set) of HD-schedulers such that the 
measure Prp induced by an HR-scheduler D’ for the cylinder sets induced 
by path fragments consisting of n transitions is a convex combination of the 
measures Prp,, t € Jn. Q.E.D. 


The results for the events OB and ©S*B in finite CTMDP M can be 
generalized towards constrained reachability properties C U B and C US'B, 
respectively, where C C S. This works as follows. First, all states in 
S\ (CU B) and in B are made absorbing, i.e., their enabled actions are 
replaced by a single action, as, say, with R(s,a,,s) > 0. The remaining 
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states are unaffected. Paths that visit some state in S \ (C U B) contribute 
probability zero to the event CUB while the continuation of paths that 
have reached B is of no importance to the probability of this event. For the 
resulting CTMDP M’ it follows: 


Prepy(s E CUS" B) = Pr®i%x(s H OS" B), 
Preis CUB) = Pri“x(s | OB); 
Prepy(s CUB) = Prtttx(sk OSB), 


where the subscript of Pr indicates the CTMDP of interest. Similar results 
hold for Pr™™. 

For the event CU<, B in CMRDP M, the states in S\C'UB are made 
absorbing (as before) and the reward of states in B is set to zero. The latter 
ensures that the accumulation of reward halts as soon as B is reached. Then 
it follows: 

Pr x(s E CU gr B) = Pris x (8 HE <r B) 


and similar for Pr™™, where M* is the resulting CMRDP after the trans- 
formations indicated above. 


3 Continuous stochastic reward logic 


CSRL is a branching-time temporal logic, based on the Computation Tree 
Logic (CTL). A CSRL formula asserts conditions on a state of a CMRDP. 
Besides the standard propositional logic operators, CSRL incorporates the 
probabilistic operator P z (p) where y is a path-formula and J is an interval of 
(0, 1]. The path-formula y imposes a condition on the set of paths, whereas 
J indicates a lower bound and/or upper bound on the probability. The 
intuitive meaning of the formula P7(w) in state s is: the probability for the 
set of paths satisfying y and starting in s meets the bounds given by J. The 
probabilistic operator can be considered as the quantitative counterpart to 
the CTL-path quantifiers 4 and V. 

The path formulae y are defined as for CTL, except that a bounded 
until operator is additionally incorporated. The intuitive meaning of the 
path formula ® UL. W for intervals I, K C R>o is that a W-state should be 
reached within t € I time units via a ®-path with total cost r € K. 


Definition 3.1 (Syntax of CSRL). CSRL state-formulae over the set AP 
of atomic propositions are formed according to the following grammar: 


® ::= true | a | D1 A Pe | ad | Pi(~), 


where a € AP, ọ is a path-formula and J C [0, 1] is an interval with rational 
bounds. CSRL path-formulae are formed according to: 


Y := Ok ð | Pı U Bo, 
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where ®, 6; and ® are state-formulae, and I, K C Ryo U {00}. 


Other boolean connectives such as V and — are derived in the obvi- 
ous way. The reachability event considered before is obtained as oF d= 
true U% ®. The always-operator O can be obtained by the duality of al- 
ways/eventually and lower/upper probability bounds, e.g., 


P>p(Ok ®) = Poi_p(Ok 7®) and Pipa (Ok ®) = Pa—gi—p (Ok 7®). 


Special cases occur for the trivial time-bound I = [0,00) and the trivial 
reward-bound K = [0, 00): 


= [0,00) = [0,c0) 
O=OR8) S and BUY =U) v. 


The semantics of CSRL is defined over the class of HR-schedulers. 


Definition 3.2 (Semantics of CSRL). Let a € AP, M = (S,Act,R,L) a 
CMRDP, s € S, ®,W CSRL state-formulae, and y a CSRL path-formula. 
The satisfaction relation } for state-formulae is defined by: 

sea if aeéL(s) 

S = =~ iff 8 JA ® 

sH®AY iff s}®and sY 

= Pz(%) iff for any scheduler D € HR: Pr” (s Ey) € J. 


Ww 


t t 
For path o = so “2% 5, “44, 


t ; 
s =, ... in M: 


tFOL® iff ofl] H ®,to € I and y(o, to) € K 
oH OULW iff tel (oat YA (Yr <t. oat H 6) Ay(o,t) € K). 


The semantics for the propositional fragment of CSRL is standard. The 
probability operator P z(-) imposes probability bounds for all (time-abstract) 
schedulers. Accordingly, s = P<p(y) if and only if Prīr (s = ẹ) < p, and 
similarly, s = Ps,(y) if and only if Prġr (s F v) > p. The well-definedness 
of the semantics of P;(y) follows from the fact that for any CSRL path- 
formula y, the set {a € Paths(s) | o H w~} is measurable. This follows 
from a standard measure space construction over the infinite paths in the 
stochastic process induced by an HD-scheduler over the CMRDP M. In 
fact, the measurability of these events can also be guaranteed for measurable 
timed schedulers, cf. [7]. 

Recall that o@t denotes the current state along o at time instant t, and 
y(a,t) denotes the accumulated reward along the prefix of o up to time t. 
The intuition behind y(ø, t) depends on the formula under consideration and 
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the interpretation of the rewards in the CMRDP ™ at hand. For instance, 
for p = good and path o that satisfies y, the accumulated reward y(o, t) 
can be interpreted as the cost to reach a good state within t time units. For 
yp = Obad, it may, e.g., be interpreted as the energy used before reaching a 
bad state within ¢ time units. 


4 Duality of time and reward 


The main aim of this section is to show the duality of rewards and the elapse 
of time in a CMRDP. The proof strategy is as follows. We first consider 
the action-deterministic case, i.e., MRMs, and show that—in spirit of the 
observations in the late 1970s by Beaudry [4]— the progress of time can 
be regarded as the earning of reward and vice versa in the case of non-zero 
rewards. The key to the proof of this result is a least fixed-point charac- 
terization of Pr(C UŁ B) in MRMs. This result is then lifted to CMRDPs 
under HD-schedulers. By Theorem 2.11, the duality result also applies to 
HR-schedulers. 

Consider first CMRDPs for which Act(s) is a singleton for each state s, 
i.e., MRMs. For time-bounded until-formula y and MRM M, Pr™ (s = p) 
is characterized by a fixed-point equation. This is similar to CTL where 
appropriate fixed-point characterizations constitute the key towards model 
checking until-formulas. It suffices to consider time bounds specified by 
closed intervals since: 


Pr(s, ®© ULV) = Pr(s,® ue 


clk) Ue)» 


where cl(Z) denotes the closure of interval J. A similar result holds for the 
next-step operator. The result follows from the fact that the probability 
measure of a basic cylinder set does not change when some of the intervals 
are replaced by their closure. In the sequel, we assume that intervals J and 
K are compact. 

In the sequel, let J © x denote {t-x |t E€ [At > x} and T(s,s', x) 
denotes the density of moving from state s to s’ in x time units, i.e., 


T(s,s',2) = P(s,s')-E(s)-e 20) * = R(s, s’)-e £0)", 


Here, E(s)-e~£()'* is the probability density function of the residence time 
in state s at instant x. Let Int denote the set of all (nonempty) intervals in 
Rso. Let L= {x € I | o(s)-x € K } for closed intervals J and kK. As we 
consider MRMs, note that @ can be viewed as function S > Ryo. (Strictly 
speaking, L is a function depending on s. As s is clear from the context, 
we omit it and write L instead of L(s).) Stated in words, L is the subset of 
I such that the accumulated reward (in s) lies in K. 
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Theorem 4.1. Let s € S, interval J, K C Ryo and ®,Y be CSRL state- 
formulas. The function (s, I, K) ++ Pr(s,®U4,W) is the least fixed point of 
the (monotonic) higher-order operator 


Q : (S x Int? > [0,1]) > (S x Int? > (0,1), 


where 
1, ifs = A® AW and 
inf J =inf K =0, 
Q(F)(s, I,K) := 4 Soniw(F,s,1,K) ifs RE GAY, 
Soaw(F,s,I,K) ifsE@®AYW, 
0, otherwise, 
with 


sup L 
Soquel Fal, K) = | XO T(s,8',2)-F(s',162,K © o(s)-x) dx 
0 sS ES 


and 
Sano (F, s, I, K) := 


inf L 
e- Els): inf L +f S T(s, s',2)-F(s',1 © 2, K © 0(s)-«) de. 
0 sS ES 


Proof. Along the same lines as the proof of [2, Theorem 1]. Q.E.D. 


The above characterisation is justified as follows. If s satisfies 6 and ~Y 
(second case), the probability of reaching a W-state from s at time t € I 
by earning a reward r € K equals the probability of reaching some direct 
successor s’ of s within « time units (x < sup 7 and o(s) -x < sup K, that 
is, x < sup L), multiplied by the probability of reaching a W-state from s’ 
in the remaining time t—x while earning a reward of at most r—g(s) - x. If 
s satisfies ® ^ W (third case), the path-formula ¢ is satisfied if no outgoing 
transition of s is taken for at least inf L time units? (first summand). 

Alternatively, state s should be left before inf L in which case the prob- 
ability is defined in a similar way as for the case s = ® A =W (second 
summand). Note that inf L = 0 is possible (if e.g., inf K = inf J = 0). In 
this case, s K ® A W yields that any path starting in s satisfies y = 6UL Y 
and Pr(s,y) = 1. 


2 By convention, inf Ø = oo. 
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Definition 4.2 (Dual CMRDP). The dual of a CMRDP M = 
(S$, Act, R, LZ, 0) with o(s,a) > 0 for all s € S and a € Act is the CM- 
RDP M* = (S, Act, R*, L, 0*) where for s,s’ € S and a € Act: 


/ 
HE m ie 
ols, a) o(s, a) 


R*(s,a,s') = 


Intuitively, the transformation of M into M* stretches the residence 
time in state s under action a with a factor that is proportional to the 
reciprocal of reward o(s,a) if 0 < o(s,a) < 1. The reward function is 
changed similarly. Thus, for pairs (s,a@) with o(s,a@) < 1 the sojourn time 
in s is extended, whereas if o(s,a) > 1 they are accelerated. For fixed action 
a, the residence of t time units in state s in M* may be interpreted as the 
earning of t reward in s in M, or reversely, earning a reward r in state s in 
M corresponds to a residence of r time units in s in M*. 

The exit rates in M* are given by E*(s,a) = E(s,a)/o(s,a). It fol 
lows that (M*)* = M and that M and M* have the same time-abstract 
transition probabilities as E*(s,a) = 0 iff E(s,a) = 0 and for E*(s,a) > 0: 
ee Hee) = R(s, a, s’)/0(s, a) _ R(s, a, 8’) =Po 

E (s,a) E(s,a)/0(s, a) E(s,a) 
Note that a time-abstract scheduler on CMRDP M is also a time-abstract 
scheduler on M* and vice versa, as such schedulers can only base their 
decisions on time-abstract histories, and the set of time-abstract histories 
for M and M* coincide. Finally, observe that uniformity is not maintained 
by *: M* is in general not uniform for uniform M. 


Definition 4.3 (Dual formula). For state formula ©, ®* is the state for- 
mula obtained from ® by swapping the time- and reward-bound in each 
subformula of the form O% or U$. 


For state-formula ®, let Sat(®) = {s E€ S|s HE}. 


Theorem 4.4 (Duality for MRMs). For MRM M = (S,R, L, o) with 
o(s) > 0 for all s € S and CSRL state-formula ®: 


SatM(®) = Sat” (o*). 


Proof. By induction on the structure of ®. Let MRM M = (S,R, L, o) 
with o(s) > 0 for all s € S. We show that for each s € S and sets of states 
B,CCS: 

PrM@(s = CURB) = PrM' (s | CUF B). 


The proof for a similar result for the next-step operator is obtained in an 
analogous, though simpler way. For the sake of simplicity, let J = [0, t] and 
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K = (0,r] with r,t € Ryo. The general case can be obtained in a similar 
way. Let s € C \ B. From Theorem 4.1 it follows: 


pr’ ( 


wH 


H CUFB) = I 5 T*(s,s', £) PeU OU ine B) dz 
s'ES 

for L* = {x € (0, ¢]|o*(s) - x € [0,7] }, i.e., L* = [0, min(t, =75)]. By the 

definition of M* and T*(s, s’, x) = R*(s,s’)-e~£ *)'*, the right-hand side 

equals: 


B) dz. 


R f Zs), A 

/ se T . Pr" (s, CUS 
L* s'ES o(s) els) 

x 


o(s) 
Í Y Ria) e EN P a a U A” B) dy, 
L gies 
where L = [0,min(=7y,7)]. Thus, the values Pr™M” (s, C UX B) yield a so- 
lution to the equation system in Theorem 4.1 for Pr (3,C ULB). In fact, 
these values yield the least solution. The formal argument for this latter 
observation uses the fact that M and M* have the same underlying di- 
graph, and hence, Pr (s, C UL, B) = 0 iff Pr (s, CUK B) = 0 iff there 
is no path starting in s where CUB holds. In fact, the equation system 
restricted to {s € S | Pr“ (s,CUL B) > 0} has a unique solution. The 


values Pr” (s, C UX B) and Pr’ (s, C UŁ B) are least solutions of the same 
equation system, and are thus equal. Hence, we obtain: 


Í 2 Tear o Pr e CU jg 2) a 
S'E 


By substitution y = this integral reduces to: 


which equals Pr (s EK C UĘ B) for s € C \ B. Q.E.D. 


If M contains states equipped with a zero reward, the duality result does 
not hold, as the reverse of earning a zero reward in M when considering ® 
should correspond to a residence of 0 time units in M* for 6*, which—as 
the advance of time in a state cannot be halted— is in general not possible. 
However, the result of Theorem 4.4 applies to some restricted, though still 
practical, cases, viz. if (i) for each sub-formula of ® of the form O40’ we 
have K = (0,00), and (ii) for each sub-formula of the form © U$- Y either 
K = (0,00) or Sat“ (6) C {s € S | o(s) > 0}. The intuition is that either 
the reward constraint (i.e., time constraint) is trivial in ® (in ®*), or that 
zero-rewarded states are not involved in checking the reward constraint. In 
such cases, let M* be defined by R*(s, s’) = R(s, s’) and o*(s) = 0 in case 
o(s) = 0 and defined as before otherwise. 
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Corollary 4.5 (Optimal MD schedulers for cost reachability). Let M be 
a finite uniform CMRDP with state space S, r € Ryo and B C S. There 
exists an MD scheduler D such that for any s € S: 

Pr” (s H| Og, B) = Prm8*(s H Og, B). 


ga 


Proof. Let M be a uniform CMRDP. By Theorem 2.9 it follows: 


sup Prg(s = OS? B) = sup Prv,(s H OX B). 

DeHD DEMD 
Observe that there is a one-to-one relationship between schedulers of M and 
of its dual M* as M and M* have the same time-abstract scheduler for any 
class X as defined before. Moreover, for HD-scheduler D, the dual of MRM 
M p is identical to the induced MRM of the dual of M, i.e., (Mp)* = M5. 
Thus: 

sup Pr? (s = OS¢ B) = sup Prgi(s EK OS! B). 

DeHD D*€HD 

Applying Theorem 4.4 to M* yields: 


sup Pr? (s = OŚ! B) = sup PrRi(s | Oc, B), 
DEHD D*cHD 


and by an analogous argument for MD-schedulers: 


sup Priji(s EOS B) = sup Pri. (s E Ox, B). 
DEMD D*¢MD 


Thus: 


sup Pr?.(s | Oc, B) = sup Pr¥).(s H Og, B). 
DEHD DEMD 


In addition, Theorem 2.11 asserts: 


sup Pr&(s | Oc, B) = sup Pr (s = Oc, B) 
DEHD DEHR 


and hence supp+eyp Pre (s H O<,r B) coincides with the suprema for the 
probability to reach B within reward bound r under all HD-, HR- and MD- 
schedulers. As MR-schedulers are between HR- and MD-schedulers, the 
stated result follows. Q.E.D. 


Unfortunately, this result does not imply that the algorithm in [3] ap- 
plied on M* yields the optimal result for the event O<, B, as M* is not 
guaranteed to be uniform whereas the algorithm ensures optimality only for 
uniform CTMDPs. 


We conclude this note by a duality result for arbitrary CMRDPs. 
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Corollary 4.6 (Duality for CMRDPs). For a CMRDP M = (S, Act, R, L, 
o) with o(s,a) > 0 for all s € S and a € Act, and CSRL state-formula ®: 
Sat@(6) = Sat” (*). 


Proof. By induction on the structure of 6. Let CMRDP M = (S, Act,R, L, 
0) with o(s,a) > 0 for all s € S and a € Act. Consider ® = P<p(C UX, B). 
The proof for bounds of the form > p, and for the next-step operator are 
similar. From the semantics of CSRL it follows: 


s Hm Pep(C UX B) iff sup Pręi(s H CUL B) <p. 
DEHR 


In a similar way as stated in the third item of Theorem 2.11 it follows: 


sup Pr? (s | CUL B)= sup Prę (s H| CULB). 
DEHR DEHD 

M and M* have the same time-abstract HD-schedulers and (M p)* = Mj. 
Theorem 4.4 yields: 


sup Prẹ (s = CU% B)= sup Pr?).(s KE CU¥ B). 
DEHD D*cHD 


As HD- and HR-schedulers are indistinguishable for events of the form 
CU. B (the proof of this fact is analogous to that of Theorem 2.11), it 
follows: 


sup Pri. (sH CUX B)= sup Pr¥,.(s E CUX B). 
D*cHD D*cHR 


Thus: 
s Em Pep(C Uk B) iff s Hm Pep(C UF B). 


5 Epilogue 

In this paper we have brought together results on the use of the logic CSRL 
and time and reward duality for MRMs [1], with recent results on reachabil- 
ity in CTMDPs [3]. This leads to a duality result for CMRDPs, as well as 
to the existence of optimal MD schedulers for cost reachability in uniform 
CMRDPs. 
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Abstract 


We survey operations on (possibly infinite) relational structures 
that are compatible with logical theories in the sense that, if we apply 
the operation to given structures then we can compute the theory of 
the resulting structure from the theories of the arguments (the logics 
under consideration for the result and the arguments might differ). 

Besides general compatibility results for these operations we also 
present several results on restricted classes of structures, and their 
use for obtaining classes of infinite structures with decidable theories. 


1 Introduction 


The aim of this article is to give a survey of operations that can be per- 
formed on relational structures while preserving decidability of theories. We 
mainly consider first-order logic (FO), monadic second-order logic (MSO), 
and guarded second-order logic (GSO, also called MS2 by Courcelle). For 
example, we might be interested in an operation f that takes a single struc- 
ture a and produces a new structure f(a) such that the FO-theory of f(a) 
can be effectively computed from the MSO-theory of a (we call such oper- 
ations (MSO, FO)-compatible), i.e., for each FO-formula y over f(a) we can 


Jörg Flum, Erich Gradel, Thomas Wilke (eds.). Logic and Automata: History and Perspec- 
tives. Texts in Logic and Games 2, Amsterdam University Press 2007, pp. 73—106. 
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construct an MSO-formula y* such that 


fa)Fe iff ary’. 


The main application of such operations is to transfer decidability results 
for logical theories. This technique can be applied for single structures, as 
well as uniformly over classes of structures. The first approach is often 
used for infinite structures, but it becomes trivial if the structure is finite 
since each finite structure has a decidable MSO-theory (even a decidable full 
second-order theory). The second approach is also useful for classes of finite 
structures as not every such class has a decidable theory. 

In order to process structures by algorithmic means, a finite encoding 
of the structure is required. Such encodings are trivial when structures are 
finite (though one may be interested into finding compact presentations), 
but the choice of encoding becomes a real issue when dealing with infinite 
structures. The approach using operations compatible with logical theories 
is as follows. Starting from a (countable) set B of structures all of which have 
a decidable theory for a certain logic L, we can construct new structures with 
a decidable theory (possibly for a different logic L’) by applying operations 
from a fixed (countable) set O of operations of the above form. This gives 
rise to the class C of all structures that can be obtained from the basic 
structures in B by application of the operations in O. Every element of C 
can be represented by a term over OU B. Evaluating an L’-formula over 
a structure in C then amounts to constructing and evaluating L-formulae 
over structures from B. 

Given such a definition of a class of structures, an interesting problem is 
to understand what structures can be encoded in this way and to give alter- 
native characterisations of them. Before we give examples of such classes, 
let us briefly summarise the main operations we are interested in. 


Interpretations. An interpretation uses logical formulae with free vari- 
ables to describe relations of a new structure inside a given one. Each 
formula with n free variables defines the relation of arity n that contains 
all tuples satisfying the formula. Usually, the free variables are first-order 
variables and the universe of the new structure is a subset of the universe of 
the original structure. Depending on the type of the formulae one speaks of 
FO- and MSO-interpretations, and it is not difficult to see that these types of 
interpretations preserve the respective logic. We shall frequently combine 
other operations with interpretations that perform some pre-processing and 
post-processing of structures. 


Products. The simplest form is the direct or Cartesian product of two 
or more structures. A generalised version allows us to additionally define 
new relations on the product by evaluating formulae on the factors and 
relating the results on the different factors by another formula. Feferman 
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and Vaught [32] proved that the first-order theory of such a product is 
determined by the first-order theories of its factors (see also [39] for an 
overview). 


Sums. To transfer the results of Feferman and Vaught for products to 
monadic second-order logic, Shelah considered sums (or unions) of struc- 
tures instead of products [45]. 


Iteration. The iteration of a structure consists of copies of the original 
structure that are arranged in a tree-like fashion. A theorem of Muchnik 
that has been proven in [49, 50] states that the MSO-theory of an iteration 
can be reduced to the MSO-theory of the original structure. 


Incidence Structure. The universe of the incidence structure contains, 
in addition to the elements of the original structure, all tuples that appear 
in some relation. This construction can be used to reduce the GSO-theory 
of a structure to the MSO-theory of its incidence structure [33]. 


Power set. The power set of a structure consists of all of its subsets. 
The relations are transferred to the singleton sets and the signature addi- 
tionally contains the subset relation. There is also a weak variant of the 
power-set operation that takes only the finite subsets of a structure. These 
constructions allow us to translate FO-formulae over the power-set structure 
to MSO-formulae over the original structure, and to weak MSO-formulae in 
case of finite sets [21]. 


Of course, these operations can also be combined to obtain more complex 
ones. For example, applying a product with a finite structure followed by an 
MSO-interpretation yields a parameterless MSO-transduction (see e.g., [24]). 
Or applying the power-set operation followed by an FO-interpretation gives 
an operation called a set interpretation (or finite set interpretation in the 
case of the weak power set) [21]. 


Besides the general results on the compatibility of these operations, we 
are interested in their behaviour on special classes of structures. In partic- 
ular we consider the following families. 


Tree-interpretable structures are structures that can be obtained by 
the application of an interpretation to a tree. Here, the interpretation can 
be chosen to be first-order, weak monadic-second order, or monadic second- 
order without affecting the definition (if the tree is changed accordingly). 
This class coincides with the class of structures of finite partition width [7]. 
The corresponding class of graphs consists of those with finite clique width 
[28]. Seese [43] conjectures that all structures with decidable MSO-theory 
are tree-interpretable. 


Structures of finite tree width resemble trees. They can be charac- 
terised as the structures with a tree-interpretable incidence graph. A the- 
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orem of Seese [43] states that all structures with decidable GSO-theory are 
have finite tree width. 


Uniformly sparse structures are the structures where the relations con- 
tain “few” tuples. Over these structures the expressive powers of GSO and 
MSO coincide [27]. A tree-interpretable structure is uniformly sparse if and 
only if it has finite tree width. 


Structures FO-interpretable in the weak power set of a tree have 
a FO-theory which is reducible to the WMSO-theory of the tree. Special 
techniques are developed to study those structures. In particular, we present 
reductions to questions about WMSO-interpretability in trees. 


Finally, we employ compatible operations to define classes of infinite 
structures with decidable theories. We use the following classes of structures 
to illustrate this method. 


Prefix-recognisable structures. The original definition of this class 
is based on term rewriting systems [17]. In our framework, these are all 
structures that can be obtained from the infinite binary tree by an MSO- 
interpretation, or equivalently by an FO-interpretation [20]. As the infinite 
binary tree has a decidable MSO-theory [41], the same holds for all prefix- 
recognisable structures. A fourth definition can be given in terms of the con- 
figuration graphs of pushdown automata [40]. A graph is prefix-recognisable 
if and only if it can be obtained from such a configuration graph by fac- 
toring out ¢-transitions. The class of HR-equational structures is a proper 
subclass of the prefix-recognisable structures [22]. By definition, each prefix- 
recognisable structure is tree-interpretable and it is HR-equational if and 
only if it has finite tree width or, equivalently, if it is uniformly sparse. 


The Caucal hierarchy. This hierarchy is defined by combining MSO-inter- 
pretations with the iteration operation. Starting from the set of all finite 
structures one alternatingly applies these two operations [18]. The first 
level of this strict hierarchy corresponds to the class of prefix-recognisable 
structures. As both operations are compatible with MSO, one obtains a 
large class of infinite graphs with decidable MSO-theories. Each structure 
in the Caucal hierarchy is tree-interpretable. 


Automatic structures. According to the original definition, the universe 
of an automatic structure is a regular set of words and the relations are 
defined by finite automata that read tuples of words in a synchronous way 
[36]. In the same way one can define tree-automatic structures using tree 
automata instead of word automata (and an appropriate definition of au- 
tomata reading tuples of trees). 

In our approach, automatic structures are obtained via an FO-interpre- 
tation from the weak power set of the structure (w, <) (the natural numbers 
with order). In the same way, tree-automatic structures can be obtained 
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from the infinite binary tree [21]. By the choice of the operations it follows 
that each (tree-)automatic structure has a decidable FO-theory. 


Tree-automatic hierarchy. Combining the previous ideas, one can con- 
sider the hierarchy of structures obtained by applying the weak power-set 
operation followed by an FO-interpretation to all trees in the Caucal hier- 
archy. It can be shown that this yields a strict hierarchy of structures with 
a decidable FO-theory. 


The article is structured as follows. In the next section we introduce 
basic terminology and definitions. Section 3 is devoted to the presentation 
of the operations and basic results concerning their compatibility. Further 
results that can be obtained on restricted classes of structures are presented 
in Section 4. The use of compatible operations for defining classes of struc- 
tures with decidable theories is illustrated in Section 5. 


2 Preliminaries 


Let us fix notation. We define [n] := {0,...,n — 1}, and P(X) denotes 
the power set of X. Tuples @ = (ao,...,@n—-1) € A” will be identified 
with functions [n] — A. We shall only consider relational structures a = 
(A, Ro,...,Rn—1) with finitely many relations Ro,...,Rp—1 and where the 
universe A is at most countable. 

An important special case of structures are trees. Let D be a set. We 
denote by D* the set of all finite sequences of elements of D. The empty 
sequence is (). The prefix ordering is the relation < C D* x D* defined by 


xxy :iff y= zxz for some z € D*. 


An unlabelled tree is a structure t isomorphic to (T, <) where T C D* 
is prefix closed, for some set D. A tree is a structure of the form (T, x, P) 
where (T, =) is an unlabelled tree and the P; are unary predicates. 


A tree is deterministic if it is of the form (T, <, (childg)gep, P) where 
D is finite and 


childg := {ud | u € D*}. 


The complete binary tree is ty := ({0, 1}*, childg, child,, <). 

We shall consider several logics. Besides first-order logic FO we shall 
use monadic second-order logic MSO which extends FO by set variables and 
set quantifiers, weak monadic second-order logic WMSO which extends FO 
by variables for finite sets and the corresponding quantifiers, and guarded 
second-order logic GSO. The syntax of GSO is the same as that of full 
second-order logic where we allow variables for relations of arbitrary arity 
and quantification over such variables. The semantics of such a second- 
order quantifier is as follows (for a more detailed definition see [33]). We 
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call a tuple a guarded if there exists a relation R; and a tuple č € R; such 
that every component a; of a appears in ¢. A relation is guarded if it only 
contains guarded tuples. We define a formula of the form 4Sy($') to be true 
if there exists a guarded relation S' satisfying y. Similarly, VSy($) holds if 
every guarded relation S satisfies y. For instance, given a graph g = (V, E) 
we can use guarded quantifiers to quantify over sets of edges. 


Definition 2.1. Let L and L’ be two logics. A (total) unary operation f 
on structures is (L, L’)-compatible if, for every sentence y € L’, we can 
effectively compute a sentence Yf € L such that 


fia)Ko iff aky!, for every structure a. 


We call f (L, L’)-bicompatible if, furthermore, for every sentence y € L, we 
can effectively compute a sentence y’ € L’ such that 


aey iff f(a) Ky’, for every structure a. 


For the case that L = L’ we simply speak of L-compatible and L-bicompatible 
operations. 


The interest in compatible operations is mainly based on the fact that 
they preserve the decidability of theories. 


Lemma 2.2. Let f be a (L, L’)-compatible operation. If the L-theory of a 
is decidable then so is the L’-theory of f(a). 


Another natural property of this definition is the ability to compose 
compatible operations. 


Lemma 2.3. If f is an (L, L')-compatible operation and g an (L’, L’’)-com- 
patible one then go f is (L, L’’)-compatible. If f and g are bicompatible 
then so is go f. 


3 Operations 


In this section we survey various operations on structures and their effect on 
logical theories (see also [39, 47, 34]). We attempt to provide a generic and 
self-contained panorama. We do not intend to present all results in their 
strongest and most precise form. For instance, many compatibility state- 
ments can be strengthened to compatibility for (i) the bounded quantifier 
fragments of the corresponding logics; (ii) their extensions by cardinality 
and counting quantifiers; or (iii) operations depending on parameters. The 
statements we present could also be refined by studying their complexity in 
terms of the size of formulae. This goes beyond the scope of this survey. 
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3.1 Generic operations 


We start with interpretations, which are among the most versatile opera- 
tions we shall introduce. In fact, all other operations we present are quite 
limited on their own. Only when combined with an interpretation they 
reveal their full strength. 


Definition 3.1. Let L be a logic and © and I signatures. An L-interpre- 
tation from X toT is a list 


T = (5(x), (pr(2)) rer) 


of L-formulae over the signature © where 6 has one free (first-order) variable 
and the number of free variables of yr coincides with the arity of R. 

Such an interpretation induces an operation mapping a »/-structure a to 
the [-structure 


T(a) = (D, Ro, Ssa ,Rr—1) 
where 


D:= {a€ A |a} d(a)} and R;:={ā c€ A” |a vp,(a)}. 


The coordinate map of T is the function mapping those elements of A that 
encode an element of Z (a) to that element. It is also denoted by Z. 

An L-interpretation with 6(x) = true is called an L-expansion. An L- 
marking is an L-expansion that only adds unary predicates without chang- 
ing the existing relations of a structure. 


Proposition 3.2. Let Z be an L-interpretation where L is one of FO, 
WMSO, or MSO. For every L-formula (z), there exists an L-formula y? (z) 
such that 


T(a) = p(Z(a)) iff ary’, 


for all structures a and all elements a; € A with a = d(a;). 


The formula y7 is easily constructed from y by performing the following 
operations: (i) replacing every atom Rg by its definition vy ; (ii) relativising 
all first-order quantifiers to elements satisfying ô, and all set quantifiers to 
sets of such elements. 


Corollary 3.3. L-interpretations are L-compatible if L is one of FO, WMSO, 
or MSO. 


A nice property of interpretations is that they are closed under composition. 
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Proposition 3.4. Let L be one of FO, WMSO, or MSO. For all L-interpre- 
tations Z and J, there exists an L-interpretation K such that K =To J. 


The second generic operation we are considering is the quotient operation. 


Definition 3.5. Let a = (A, R) be a structure and ~ a binary relation. If 
~ is a congruence relation of a then we can form the quotient of a by ~ 
which is the structure 


a/~ := (A/~, 8) 
where, if we denote the ~-class of a by [a], we have 
A/~ := {[a] | ae A}, 
S: := {(lao],---5[an—1]) | (ao,.-+5@n—1) € Ri}. 
By convention, if ~ is not a congruence, we set a/~ to be a. 


We shall only consider quotients by relations ~ that are already present 
in the structure. This is no loss of generality since we can use a suitable 
interpretation to add any definable equivalence relation. For a relation 
symbol R and a structure a we denote by R* the relation of a corresponding 
to R. 


Proposition 3.6. Let L be one of FO, WMSO or MSO, and ~ a binary 
relation symbol. The quotient operation a> a/~* is L-compatible. 


Remark 3.7. 

(a) The convention in the case that ~ is not a congruence causes no 
problems for the logics we are considering since in each of them we can 
express the fact that a given binary relation is a congruence. 

(b) In order to factorise by a definable congruence relation that is not 
present in the structure we can precede the quotient operation by a suitable 
interpretation that expands the structure by the congruence. 

(c) It is also possible to define quotients with respect to equivalence rela- 
tions that are no congruences. This case is also subsumed by our definition 
since, given an equivalence relation ~, we can use an FO-interpretation Z 
to modify the relations of a structure a in such a way that ~ becomes a 
congruence and the quotient Z(a)/~ equals a/~. 


Another property of the quotient operation is that it commutes with 
interpretations in the sense of the following proposition. 


Proposition 3.8. Let L be one of FO, WMSO or MSO. For every L- 
interpretation Z and each binary relation symbol ~, there exists an L- 
interpretation J such that 


L(a/~*) = J(a)/~7™, for every structure a. 
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In combination with Proposition 3.4, it follows that every sequence of 
L-interpretations and quotients can equivalently be written as a single L- 
interpretation followed by a quotient. This is the reason why one often 
defines a more general notion of an interpretation that combines the simple 
interpretations above with a quotient operation by a definable congruence. 
It follows that these generalised interpretations are also closed under com- 
position. 


3.2 Monadic second-order logic 


We now turn to operations compatible specifically with monadic second- 
order logic. The simplest one is the disjoint union. We also present a much 
more general kind of union called a generalised sum. Finally we present 
Muchnik’s iteration construction. 


Definition 3.9. The disjoint union of two structures a = (A, R) and b = 
(B, S} is the structure 


aWb:=(AUB,T) where T;:= R; U Si. 


The theory of the sum can be reduced to the theory of the two arguments 
using the following proposition. 


Proposition 3.10. Let L be one of FO, MSO, WMSO or GSO. For every 
L-formula y there exist D-formulae po, ..., Yn and Vo,...,0, such that 


awbEy iff there is some i< n such that a = y; and b = 1. 


Unions behave well with respect to MSO, but the same does not hold for 
products. A notable exception are products with a fixed finite structure. In 
the following definition we introduce the simpler product with a finite set, 
which, up to FO-interpretations, is equivalent to using a finite structure. 


Definition 3.11. Let a = (A, R) be a structure and k < w a number. The 
product of a with k is the structure 


k x a:= ([k] x A, R',P, 1), 
where 
R} := {((i,a0),..., (é,@n—1)) |@ € Rj and i < k}, 
P; = {i} x A, 
T= {((i,a), (j,a)) |a E€ A, ij < k}. 


Proposition 3.12. For every MSO-formula y(X°,...,X"~*) and all k < w, 
there exists an MSO-formula y;,(X°,...,X"~+) such that 


k x a E CP ere) iff a E (QU): 


where Qf := {a € A | (i a) € Pf}. The same holds for WMSO. 
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This result can be proven as a consequence of Theorem 3.16 below. 


Corollary 3.13. For k < w, the product operation a > k x a is MSO- 
compatible. It is MSO-bicompatible if k 4 0. The same holds for WMSO and 
GSO. 


Finite products are sometimes combined with MSO-interpretations re- 
sulting in what is called a parameterless MSO-transduction [24]. Such a 
transduction maps a structure a to the structure Z(k x a), where k is a 
natural number, and Z is an MSO-interpretation. It follows that parameter- 
less MSO-transductions are MSO-compatible. Furthermore, they are closed 
under composition since, for every MSO-interpretation 7, there exists an 
MSO-interpretation K with 


kx J(lx a) = K(k x a). 


The operation of disjoint union can be generalised to a union of infinitely 
many structures. Furthermore, we can endow the index set with a struc- 
ture of its own. This operations also generalises the product with a finite 
structure. 


Definition 3.14. Let i = (I, 8) be a structure and (a™);¢7 a sequence of 
structures a = (AM, R©) indexed by elements i of i. 
The generalised sum of (a® Jier is the structure 


Sra = (U,~, RY, 5") 
ici 
with universe U := {(i,a) |i € I, a € AM} and relations 
(i,a) ~ (jb) :if i=j, 
Ri, := {((é,ao),---,é,an—1)) | i€ I and ā € RM}, 
S, := { (lio, ao), raea (in-1, Gn—1)) | TE Se}. 
To illustrate the definition let us show how a generalised sum can be 
used to define the standard ordered sum of linear orderings. 
Example 3.15. Let i= (J,C) and a = (A, <), for i € I, be linear 
orders. Then 


Soa = (U, ~, <, E) 


tEi 
where U = {(i,a) | a € AM} and we have 
(i,a)<(j,b) iff i=janda<™ b, 
(ia) E j,6) if iTi. 
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If we introduce the new (definable) relation 
(i,a) < (j,b) :if (i,a) E (j,b) or (i,a) < (j, b) 


then the structure (U, <) is isomorphic to the ordered sum of the orders a. 


The generalisation of Proposition 3.10 takes the following form. 


Theorem 3.16. For every MSO-sentence y, we can construct a finite se- 


quence of MSO-formulae yo,...,s—1 and an MSO-formula w such that 
Soa Ey iff iiobis) EY, 
ici 


where [x] := {i € I | a® H yx}. 


Remark 3.17. This theorem is a special case of a result of Shelah [45] 
following the ideas developped by Feferman and Vaught [32], see [47, 34] for 
a readable exposition. As mentioned above it implies Proposition 3.10 (for 
MSO) as well as Proposition 3.12. 


We finally survey the iteration operation originally introduced by Much- 
nik. Given a structure a this operation produces a structure consisting of 
infinitely many copies of a arranged in a tree-like fashion. 


Definition 3.18. The iteration of a structure a = (A, R) is the structure 
a* := (A*, <,cl, R*) where < is the prefix ordering and 


cl := {waa | w E€ A*, a € A}, 
R} := {(wao,..., war) | w E€ A*, a € Ri}. 


Theorem 3.19 (Muchnik). The iteration operation is MSO-bicompatible 
and WMSO-bicompatible. 


Remark 3.20. The Theorem of Muchnik was announced without proof 
in [44]. The first published proof, based on automata-theoretic techniques, 
is due to Walukiewicz [49, 50]. An exposition can be found in [2] and a 
generalisation to various other logics is given in [9]. 


Example 3.21. 

(a) Let a := ([2], Po, Pi) be a structure with two elements and unary 
predicates Po := {0} and P; := {1} to distinguish them. Its iteration 
a* = ([2]*, <, cl, Př, Př} resembles the complete binary tree tə. Applying a 
simple (quantifier free) FO-interpretation Z we obtain t2 = Z(a*). 

(b) Let g be a graph. The unravelling of g is the graph U(g) := (U, F) 
where U is the set of all paths through g and F consists of all pairs (u, v) 
such that the path v is obtained from u by appending a single edge of g. 
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The unravelling of g can be obtained from g via an iteration followed by 
an interpretation. Note that g* consists of all sequences of vertices of g. All 
that is needed to get U(g) is to define the subset of those sequences that 
are paths through g. This can be done by the formula 


6(w) := VuVu[suc(u,v) Av < w > Su'(suc(u, u’) A cl(u’) A E*u'v)]. 
In view of the examples above we directly obtain the following corollaries. 


Corollary 3.22 (Rabin, [41]). The Mso-theory of the infinite binary tree tz 
is decidable. 


Corollary 3.23 (Courcelle-Walukiewicz, [31]). The unravelling operation U/ 
is MSO-compatible and WMSO-compatible. 


Finally, let us mention that iterations commute with interpretations in 
the following sense. 


Lemma 3.24 (Blumensath, [5]). For every MSO-interpretation Z, there 
exists an MSO-interpretation J such that 


T(a)* = J(a*), for all structures a. 


3.3 First-order logic 


In this section we concentrate on first-order logic. We start by introducing 
the power-set operation which relates MSO-theories to FO-theories. This 
operation provides a systematic way to relate results about FO-compatibility 
to those about MSO-compatibility above. 


Definition 3.25. Let a = (A, R) be a structure. The power set of a is the 
structure 


P(a) = (P(A), R',C), 


where Rj := {({ao},..., {@n—1}) | ae R;}. 
The weak power set Pw(a) of a is the substructure of P(a) induced by 
the set of all finite subsets of A. 


Since elements of P(a) are sets of elements of a, FO-formulae over P(a) 
directly correspond to MSO-formulae over a (and similarly for WMSO). 


Proposition 3.26. E 
(a) For every FO-formula y(%), we can construct an MSO-formula y’(X) 
such that 


P(a) = (P) if ak y'(P), 
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for every structure a and all subsets P; C A. 
(b) For every MSO-formula y(X), we can construct an FO-formula y’(Z) 
such that 


aH y(P) iff P(a) E y'(P), 


for every structure a and all subsets P; C A. 
(c) Analogous statements hold for WMSO-formulae and the weak power- 
set operation Py. 


Corollary 3.27. The power-set operation P is (MSO, FO)-bicompatible and 
the weak power-set operation Pw is (WMSO, FO)-bicompatible. 


Lemma 3.28. For every MSO-interpretation Z, there exists an FO-interpre- 
tation J such that 


Pol=JoP. 
A similar statement holds with WMSO instead of MSO and P,, instead of P. 


Remark 3.29. In [19, 21] (finite) set interpretations are introduced which 
are halfway between first-order and monadic second-order interpretations. 
A (finite) set interpretation is of the form 


T = (6(X), (pr(X)) rer) 


where 6,yR are (weak) monadic second-order formulae with set variables 
as free variables. Correspondingly the elements of the structure Z(a) are 
encoded by (finite) subsets of the original structure. With the operations of 
the present article we can express such a set interpretation as, respectively, 


JoP or JoPy 
where J is an FO-interpretation. From Corollary 3.27 it follows that 
e set interpretations are (MSO, FO)-compatible and 
e finite set interpretations are (WMSO, FO)-compatible. 


From Lemma 3.28 and Proposition 3.4 it follows that, if Z is an FO-inter- 
pretation, J a set interpretation, and K an MSO-interpretation then their 
composition Zo J o K is also a set interpretation. The same holds for finite 
set interpretations provided K is a WMSO-interpretation. 


We have mentioned that products are not compatible with monadic 
second-order logic. But they are compatible with first-order logic. In fact, 
historically they were among the first operations shown to be compatible 
with some logic. 
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Definition 3.30. The (direct, or Cartesian) product of two structures a = 
(A, R) and b = (B,S) is the structure 


axb:=(AxB,T), 
where T; := {((ao, bo), -» +5 (@n—1; bn—1)) | ac R;andbe Si}. 


Proposition 3.31. For every FO-formula y, we can construct FO-formulae 
Vo, ...-, Yn and Vo, ..., n such that 


axbEy iff there is some i< n such that a |= Y; and b = 0. 


Product and disjoint union are related via the power-set construction. 


Proposition 3.32. There exist FO-interpretations Z, J and K such that 
P(awb) = Z(F(P(a)) x K(P(6))), for all structures a and b. 
A similar statement holds with P,, instead of P. 


Remark 3.33. 

(a) The interpretations J and K are only needed to avoid problems with 
empty relations. If a relation is empty in one of the factors then the corre- 
sponding relation of the product is also empty and cannot be reconstructed. 
The quantifier-free interpretations are used to create dummy relations to 
avoid this phenomenon. 

(b) Using this result together with the (MSO, FO)-bicompatibility of P 
we can deduce the MSO variant of Proposition 3.10 from Proposition 3.31. 
A similar argument yields the WMSO version. 


Similar to finite products that are MSO-compatible we can define a finite 
exponentiation which is FO-compatible. 


Definition 3.34. Let a = (A, R) be a structure and k < w a number. The 
exponent of a to the k is the structure 


a := Ar R', E) 
with relations 


(Ose ng"): | (af,..., a271) € Ro}, 


w) 


The good behaviour of the finite exponent operation is illustrated by the 
next proposition. 
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Proposition 3.35. For each k < w and every FO-formula y(x°,...,2"~1), 
there exists an FO-formula y,(Z°,...,%"~+) such that 
a Eola: aia”) if a ola aaa” 


for every structure a and all a’ € AF. 


Corollary 3.36. Let k < w. The exponent operation a + a” is FO- 
compatible. It is FO-bicompatible for k > 1. 


The relation between finite exponentiation and finite products is given 
in the next proposition. (This allows us to deduce Proposition 3.12 from 
Proposition 3.35). 


Proposition 3.37. For every k < w, there exists an FO-interpretation Z 
such that 


P(k xa) £Z(P(a)*), for every structure a. 


The same holds for the weak power-set operation. 


In the same way as the combination of MSO-interpretations and finite 
products leads to the notion of a parameterless MSO-transduction, one can 
perform a finite exponentiation before an FO-interpretation. The resulting 
operation is called a k-dimensional FO-interpretation. The composition of 
a k-dimensional FO-interpretation with an /-dimensional one yields a kl- 
dimensional FO-interpretation. In the same spirit as above, multi-dimen- 
sional interpretations are correlated to parameterless MSO-transductions via 
the power-set operation. 


As for unions we can generalise products to infinitely many factors. In 
the original definition of a generalised product by Feferman and Vaught [32] 
FO-formulae are used to determine the relations in the product structure. 
We shall adopt a simpler yet richer definition where the product structure 
is completely determined by the index structure and the factors. 


Definition 3.38. Let a = (AM, R®), i € I, be structures, and let 
i= (P(D),C, S} 


be the expansion of the power-set algebra P(T) by arbitrary relations S. 
We define the generalised product of the a over i to be the structure 


[[o® = (GSS, R', E=) 


tet 
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with universe 
U :=P() u [| [A® 
i€l 
where the relations C and S are those of i and we have 
R; := {(X,a) | X = [Ra]}, 
E- := {(X, a, b) | X = ja= bl}, 


and [x(ā)] := {i € T | a® E y(@)}. 


Before stating that the generalised products are compatible with first- 
order logic let us give two examples. 


Example 3.39. Let go = (Vo, Eo) and gi = (Vi, E1) be two directed 
graphs. There are two standard ways to form their product: we can take the 
direct or synchronous product with edge relation Es := Eo x E1, and we can 
take the asynchronous product with edge relation Fa := (Eo xid)U (id x £1). 
Both kinds of products can be obtained from the generalised product via a 
first-order interpretation. 


For the direct product, we define the edge relation by the formula 


Pe, (x,y) = Az[All(z) A Ezzy] 
where the formula 
All(x) := x C z AYylx C y > xt = y) 


states that x = I is the maximal element of P(I). (Note that the condition 
x C z is needed to ensure that x € P(I).) 


Similarly, we define the edge relation of the asynchronous product by 


per, (x,y) := Judv[ Evry A Euzy A Sing(u) 
AYz(zCz—>(uťzəzCcv))] 


where the formula 
Sing(z) := z C z A YuVv[v C u C z => (v= u Vu = z)] 
states that z is a singleton set in P(J). 


Theorem 3.40 (Feferman-Vaught, [32]). For every FO-sentence y, there 
exist an FO-sentence y’ and a finite sequence of FO-sentences Xo,- --,Xm 
such that 


[[@ re? if (Dol... bem) EY, 


tet 


where [x] := {i € I | a® H x}. 
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Remark 3.41. 

(a) If the structure i is of the form P(j), for some index structure j, then 
instead of a FO-formula y’ over i we can also construct an MSO-formula 
over j, by Proposition 3.26. Hence, in this case we can reduce the FO-theory 
of the product J], a’ to the MSO-theory of the index structure j. 

(b) Note that Theorem 3.16 follows from Theorem 3.40 and Proposi- 
tion 3.26 since there exist FO-interpretations Z, J such that 


P(> ai) =a Il I(P(ai))). 


ici iEP(i 


(c) As an application of the generalised product we give an alternative 
proof to a result of Kuske and Lohrey [38] which states that, if we modify 
the iteration operation by omitting the clone relation cl then the resulting 
operation is (FO, Chain)-compatible. Here, Chain denotes the restriction of 
MSO where set variables only range over chains, i.e., sets that are totally 
ordered with respect to the prefix order <. Let us denote by a‘ the iteration 
of a without cl and let Pen(a) be the substructure of P(a) induced by all 
chains of a (we assume that a contains a partial order <). A closer inspection 
reveals that, up to isomorphism, the structure Pen(a#) can be obtained by 
a (2-dimensional) FO-interpretation from the generalised product of several 
copies of a indexed by the structure P(w,<). By Theorem 3.40 and the 
decidability of the MSO-theory of (w, <) [13], it follows that the operation 
a m a? is (FO, Chain)-compatible. 


3.4 Guarded second-order logic 


We conclude this section by considering an operation that connects guarded 
second-order logic with monadic second-order logic. 


Definition 3.42. The incidence structure of a structure a = (A, Ro,..., Rr) 
is 


In(a) := (AUG, R’, Ip,..., In—1) 


where G := Ro U... U Rp is the set of all tuples appearing in a relation of a, 
we have unary predicates 


R,:= {a€ G|ae Ri}, 
and binary incidence relations J; C A x G with 
I; := {(a 0) € Ax G| ae G}. 


Example 3.43. The incidence structure of a graph g = (V, E) is the struc- 
ture 


In(g) = (Vu E, E', Io, hh) 
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where the universe consists of all vertices and edges, the unary predicate E’ 
identifies the edges, and the incidence relations Jy and Jı map each edge to 
its first and second vertex, respectively. 


The GSO-theory of a structure is equivalent to the MSO-theory of its 
incidence structure. 


Proposition 3.44. The operation In is (GSO, MSO)-bicompatible. 


Remark 3.45. For the proof, note that we can encode every guarded n- 
tuple a by a triple (R, é,o) consisting of an m-ary relation R, a tuple € € R, 
and the function o : [n] — [m] such that a; = c,(;). Consequently, we can 
encode a guarded relation S C A” by a (finite) family of subsets Pr, C G 
where 


Pro := {2 € G | (R,é,c) encodes an element of S}. 


4 Structural properties 


So far, we have presented a number of purely logical properties of operations. 
In this section, we survey other equivalences which hold under some addi- 
tional hypothesis on the structures in question. First we study properties 
specific to trees. Then we present results for uniformly sparse structures. 
Finally we consider structures interpretable in the weak power set of a tree. 


4.1 Tree-interpretable structures 


When studying logical theories of trees various tools become available that 
fail for arbitrary structures. The most prominent example are automata- 
theoretic methods. For instance, one can translate every MSO-formula into 
an equivalent tree automaton (see [12, 46, 41]). Closer to the topic of the 
present paper are composition arguments which are based on Theorem 3.16 
and its variants. Those techniques provide the necessary arguments for the 
tree-specific statements of the present section. 


Definition 4.1. A structure is tree-interpretable if it is isomorphic to Z(t) 
for some MSO-interpretation Z and tree t. 


The notion of tree-interpretability is linked to two complexity measures: 
the clique width [28] (for graphs) and the partition width [5, 7] (for arbitrary 
structures). It turns out that a graph/structure is tree-interpretable if and 
only if its clique width/partition width is finite. 

In the definition of tree-interpretable structures, we can require the tree t 
to be deterministic without any effect. We can also replace MSO by WMSO 
without changing the definition. Our first result implies that the definition 
still remains equivalent if we use FO instead of MSO. 
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Theorem 4.2 (Colcombet, [20]). For every MSO-interpretation Z, there 
exists an FO-interpretation J and an MSO-marking M such that 


T(t) =(FoM)(t), for every tree t. 
The same holds when MSO is replaced by WMSO. 


Indeed, since the class of trees is closed under MSO-markings every tree- 
interpretable structure can be obtained by an FO-interpretation from a tree. 
Note that it is mandatory for this result that trees are defined in terms of 
the prefix order < instead of using just the immediate successor relation. 

One motivation for the study of tree-interpretable structures is the fact 
that this class seems to capture the dividing line between simple and com- 
plicated MSO-theories. On the one hand, trees have simple MSO-theories 
and, therefore, so have all structures that can be interpreted in a tree. Con- 
versely, it is conjectured that the MSO-theory of every structure that is not 
tree-interpretable is complicated. 


Conjecture 4.3 (Seese, [43]). Every structure with a decidable MSO-theory 
is tree-interpretable. 


Currently the best result in this direction was recently obtained by Cour- 
celle and Oum [30]. It states that every graph that is not tree-interpretable 
has an undecidable C2MSO-theory where C2MSO is the extension of MSO 
by predicates for counting modulo 2. Unfortunately their proof appears 
surprisingly difficult to generalise to arbitrary structures. 

One evidence for Seese’s conjecture is the fact that the class of tree-inter- 
pretable structures is closed under all known MSO-compatible operations. 


Proposition 4.4. The class of tree-interpretable structures is closed under 
(i) disjoint unions, (ii) generalised sums, (iii) finite products, (iv) quotients, 
(v) MSO-interpretations, and (vi) iterations. 


There is no difficulty in proving this proposition. In particular, it is easy 
to establish that the quotient of a tree-interpretable structure is also tree- 
interpretable. Indeed it is sufficient to guess a system C' of representatives 
of the equivalence classes. Once we have expanded the tree by this new 
unary predicate C we can use a simple MSO-interpretation to obtain the 
quotient. However, if one wants the representatives C to be unique and 
MSO-definable this becomes impossible. This follows from the following 
result of Gurevich and Shelah [35] (see [15] for a simple proof): There 
is no MSO-formula y(x, X) such that, for every deterministic tree t and all 
nonempty sets P C t, there is a unique element a € P such that t = y(a, P). 

The following theorem circumvents this difficulty. It is more precise than 
simply claiming the closure under quotients in that it states that we can 
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choose the same deterministic tree. The result is given for FO, but it can 
also be derived for MSO and WMSO by a direct application of Theorem 4.2. 


Theorem 4.5. Let Z be an FO-interpretation and ~ a binary relation sym- 
bol. There exists an FO-interpretation J such that 


T(t)/~7 = F(t), for every deterministic tree t. 


Remark 4.6. For the proof of this result it is sufficient to assign to each 
~-class a unique element of the tree in an FO-definable way. First, one 
maps each class to its infimum (for the prefix order <). With this definition 
several classes might be mapped to the same element. Using a technique 
similar to the one from [21] it is possible to distribute those elements in 
a FO-definable way and thereby to transform the original mapping into an 
injective one. 


Another phenomenon is that the iteration and unravelling operations 
turn out to be equivalent in the context of MSO-interpretations over trees. 


Theorem 4.7 (Carayol-Wohrle, [16]). There exist MSO-interpreta- 
tions Z, J such that 


 ~T(U(T(t))), for every deterministic tree t. 


The first interpretation J adds backward edges and loops to every vertex 
of t. From the unravelling of this structure we can reconstruct the iteration 
of t by an MSO-interpretation. 


4.2 Tree width, uniform sparse structures, and complete 
bipartite subgraphs 


In this section we introduce the tree width of a structure, a complexity 
measure similar to the clique width or partition width, which were related 
to the notion of tree-interpretability. Intuitively the tree width of a structure 
measures how much it resembles a tree (see [10] for a survey). 


Definition 4.8. Let a = (A, R) be a structure. 
(a) A tree decomposition of a is a family (Uy)ver of subsets U, C A 
indexed by an undirected tree T with the following properties: 


1. U, Uv = A. 
2. For all a € R; in some relation of a, there is some v € T with a C Uy. 


3. For every element a € A, the set {v € T | a € U,} is connected. 
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(b) The width of such a tree decomposition (U,) er is 
sup {|U,| |v E€ T}. 


(For aesthetic reasons the width is traditionally defined as supremum of 
|U,| — 1. We have dropped the —1 since it makes many statements more 
complicated and omitting it does not influence the results.) 

(c) The tree width twda is the minimal width of a tree decomposition 
of a. 


It turns out that, with respect to tree width, GSO plays a similar role 
as MSO does with respect to tree-interpretability. The incidence structure 
allows to go back and forth in this analogy. 


Theorem 4.9. A structure a has finite tree width iff In(a) is tree-interpret- 
able. 


The corresponding result for classes of finite structures is due to Cour- 
celle and Engelfriet [29]. The same ideas can be used to prove Theorem 4.9. 
Note that this theorem in particular implies that every structure with finite 
tree width is tree-interpretable. However the converse does not hold. For 
instance, the infinite clique is tree-interpretable but its tree width is infinite. 


The equivalent of Seese’s Conjecture 4.3 for tree width has been proved by 
Seese. 


Theorem 4.10 (Seese, [43]). Every structure with a decidable GsO-theory 
has finite tree width. 


The proof is based on the Excluded Grid Theorem of Robertson and Sey- 
mour [42] and on the fact that the class of all finite grids has an undecidable 
MSO-theory (see also [25, 5]). 

In the remaining of this section, we present two other complexity mea- 
sures for countable structures: sparsity and the existence of big complete 
bipartite subgraphs in the Gaifman graph. A structure is uniformly sparse 
if, in every substructure, the number of guarded tuples is linearly bounded 
by the size of the substructure. 


Definition 4.11. Let k < w. A structure a = (A, Ro,...,Rn_1) is called 
uniformly k-sparse if, for all finite sets X C A and every i < n, we have 


|Ri|x| < k- |X|. 
A structure is uniformly sparse if it is uniformly k-sparse for some k < w. 


The requirement of uniform sparsity is less restrictive than that of having 
a finite tree width: every structure of finite tree width is uniformly sparse, 
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but the converse does not hold in general. Consider for instance the infinite 
grid Z x Z with an edge between (i,k) and (j, l) if i — j| + |k — l| = 1. This 
graph is uniformly sparse, but has infinite tree width. 

The work of Courcelle [27] shows that the property of being uniformly 
sparse is the correct notion for studying the relationship between GSO and 
MSO. While, in general, GSO is strictly more expressive than MSO, it col- 
lapses to MSO on uniformly sparse structures. 


Theorem 4.12. Let k < w. For every GSO-sentence y, we can construct 
an MSO-sentence y’ such that 


akg iff aky’, for all countable uniformly k-sparse structures a. 


The proof of this result relies on the possibility, once k is fixed, to in- 
terpret In(a) in n x a for a suitably chosen n, provided one has correctly 
labelled n x a by a certain number of monadic parameters. Then Theo- 
rem 4.12 follows by Proposition 3.44. This technique is formalised by the 
following lemma. 


Lemma 4.13. For all k < w, there exist n < w, an MSO-interpretation T, 
and an MSO-formula y such that, for every countable uniformly k-sparse 
structure a, 


e there exist unary predicates P such that a = (P) and 
e In(a) =Z(n x (a,P)), for all P witha = ọ(P). 


The last notion we present is based on the Gaifman graph of a structure. 


Definition 4.14. Let a = (A, Ro,...,Rn_1) be a structure. The Gaifman 
graph of a is the undirected graph 


Gaif(a) := (A, E) 
with edge relation 
E := {(a,b) | a 4 b and (a,b) is guarded}. 


The Gaifman graph gives an approximation of the relations in a struc- 
ture. All the notions of this section can be defined in terms of the Gaifman 
graph as stated by the following proposition. 


Proposition 4.15. A structure has finite tree width iff its Gaifman graph 
has finite tree width. A structure is uniformly sparse iff its Gaifman graph 
is uniformly sparse. 
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A complete bipartite graph is an undirected graph (V, E} where V is 
partitioned into two sets A U B such that 


E=(Ax B)U(Bx A). 


If |A| = |B| = n then we say that the graph is of size n. If a graph has 
complete bipartite subgraphs of arbitrary size this implies that for those 
subgraphs the number of edges is quadratic in the number of vertices. As 
a consequence such a graph cannot be uniformly sparse. Hence, for ev- 
ery uniformly sparse graph, there is a bound on the size of its complete 
bipartite subgraphs. Over structures this means that for every uniformly 
sparse structure there exists a bound on the size of the complete bipartite 
subgraphs of its Gaifman graph. However the converse does not hold in 
general. It is possible to define non-uniformly sparse graphs which do not 
possess any complete bipartite subgraphs of size larger than some constant. 
For instance, the graph with vertices Z with an edge between m and n iff 
|m — n| is a power of 2. 

The three notions of (i) admitting a bound on the size of complete bi- 
partite subgraphs; (ii) being uniformly sparse; and (iii) having bounded tree 
width; are related but do not coincide. The following theorem states the 
equivalence of these three notions over tree-interpretable structures. It was 
first proved for finite graphs in [26]. The generalisation to infinite structures 
proceeds along the same lines (see [5]). 


Theorem 4.16. For every structure a, the following statements are equiv- 
alent: 


1. a has finite tree width. 
2. a is tree-interpretable and uniformly sparse. 


3. ais tree-interpretable and the size of the complete bipartite subgraphs 
of its Gaifman graph is bounded. 


4.3 The weak power set of trees 


We have seen that the power-set construction allows us to relate MSO and 
FO, in the same way MSO and GSO are related by the incidence structure con- 
struction. Hence, one may wonder whether results similar to Theorem 4.10 
for GSO or Conjecture 4.3 for MSO hold in this setting. The answer is neg- 
ative. 


Proposition 4.17 (Colcombet-Léding, [21]). There are structures of de- 
cidable FO-theory which are not of the form Z(Py(t)), for a tree t and an 
FO-interpretation Z. 


96 A. Blumensath, T. Colcombet, C. Loding 


An example of this phenomenon is the random graph (a graph in which 
every finite graph can be embedded) which has a decidable FO-theory but 
is not of the above form. This propositon is established as an application 
of the following theorem which eliminates the weak power-set operation in 
the equation (Z o Py,)(t) = Pw(a), provided that t is a deterministic tree. 


Theorem 4.18 (Colcombet-Léding, [21]). For every FO-interpretation 7, 
there exists a WMSO-interpretation J such that 


(Zo Pw)(t) = Pw(a) implies Z(t) S a, 
for every deterministic tree t and every structure a. 


Note that some kind of converse to this theorem can easily be deduced 
from Lemma 3.28. Indeed, for every WMSO-interpretation J, there exists 
an FO-interpretation Z such that 


ToPy =Py,of. 


Consequently, J (t) S a implies (Z o Py)(t) = (Pw o J)(t) = Pw (a). 
Finally, let us state a variant of Theorem 4.5 for the weak power set of 
a tree. 


Theorem 4.19 (Colcombet-Léding, [21]). For every FO-interpretation Z 
and every binary relation symbol ~, there is an FO-interpretation J such 
that: 


(T o Py) (t)/~F°P) 9 Œ (FoPy)(t), for every deterministic tree t. 


When the power set operation is used instead of the weak power-set, we 
conjecture that this theorem becomes false, whereas Theorem 4.18 remains 
true: New phenomena arise when infinite sets are allowed. 


5 Classes 


Suppose that we are interested in, say, the monadic second-order theory of 
some structure a. One way to show the decidability of this theory is to start 
from a structure 6 for which we already know that its monadic second-order 
theory is decidable, and then to construct a from b using MSO-compatible 
operations. We have seen an example of this approach in Corollary 3.22 
where the infinite binary tree tz is constructed from a finite structure using 
an iteration and an MSO-interpretation. 

In this last section we follow this idea and consider not only single struc- 
tures but classes of structures that can be obtained in the way described 
above. For example, by applying the iteration operation to a finite struc- 
ture followed by an MSO-interpretation we can not only construct tọ but 
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a whole class of structures with a decidable monadic second-order theory. 
This class and its generalisations are the subject of the first part of this 
section. In Section 5.2 we consider classes of structures with a decidable 
first-order theory that can be obtained with the help of FO-interpretations 
and the (weak) power-set operation. We conclude our survey in Section 5.3 
by presenting HR-equational structures and their GSO-theory. 


5.1 Prefix-recognisable structures and the Caucal hierarchy 


We have conjectured above that all structures with a decidable MSO-theory 
are tree-interpretable. In this section we take the opposite direction and 
define large classes of tree-interpretable structures with a decidable MSO- 
theory. We start with the class of prefix-recognisable structures. Originally, 
this class was defined as a class of graphs in [17]. These graphs are defined 
over a universe consisting of a regular set of finite words and their edge 
relation is given as a finite union of relations of the form 


(Ux V)W := {(uw, vw) |u Ee U, ve V, we W}, 


for regular languages U,V,W. Such relations are a combination of a recog- 
nisable relation U x V for regular U and V, followed by the identity relation, 
explaining the term ‘prefix-recognisable’. 

This definition can been extended to arbitrary structures instead of 
graphs (see [6, 14]) but the description of prefix-recognisable relations gets 
more complicated. Using the approach of compatible operations we obtain 
an alternative and simpler definition of the same class of structures. 


Definition 5.1. A structure a is prefiz-recognisable if and only if a = T(t2), 
for some MSO-interpretation Z. 


This definition directly implies that each prefix-recognisable structure 
is tree-interpretable and has a decidable monadic second-order theory be- 
cause to has. Further elementary properties are summarised in the following 
proposition. 


Proposition 5.2. The class of prefix-recognisable structures is closed un- 
der (i) MSO-interpretations, (ii) parameterless MSO-transductions, (iii) dis- 
joint unions, (iv) finite products, (v) quotients, and (vi) generalised sums 
of the form <; in which both a and i are prefix-recognisable and all 
summands a are isomorphic. 


In fact, according to Theorem 4.21, we can even replace MSO-interpre- 
tations by FO-interpretations. 


Theorem 5.3 (Colcombet, [20]). A structure a is prefix-recognisable if and 
only if a S T(t2), for some FO-interpretation Z. 


1 In combination with the fact that every regular tree is FO-interpretable in tg. 
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For prefix-recognisable graphs several alternative characterisations have 
been given, for example they are the configuration graphs of pushdown au- 
tomata after factoring out the ¢-transitions, and also those graphs obtained 
as the least solutions of finite systems of equations whose operations con- 
sists of (i) disjoint unions and (ii) positive quantifier-free interpretations 
(this approach is due to Barthelmann [1], see [4] for an overview). 

In the definition of prefix-recognisable structures we have used the infi- 
nite binary tree tg as a generator and applied MSO-interpretations to it. In 
Section 3 we have seen how t can be obtained from a finite structure with 
the help of the iteration operation. In fact, we do not get more structures 
when we allow the application of an MSO-interpretation to the iteration of 
an arbitrary finite structure. 


Proposition 5.4. The prefix-recognisable structures are exactly those of 
the form Z(a*) for an MSO-interpretation Z and a finite structure a. 


As both operations used in Proposition 5.4 are MSO-compatible there is 
no reason to stop after just one application of each of them. This idea is used 
in [18] for graphs using the unravelling operation instead of the iteration 
and an inverse rational mapping (a weakening of an MSO-interpretation) 
instead of an MSO-interpretation. According to [16] the following definition 
is equivalent to the original one. 


Definition 5.5. The Caucal hierarchy Co C Cı C ... is defined as follows. 
The first level Co consists of all finite structures. Each higher level C,,4 
consists of all structures of the form Z(a*) where Z is an MSO-interpretation 
and a € Cn. 


The compatibility of the employed operations directly yields the decid- 
ability of the MSO-theory for all structures in this class. 


Theorem 5.6. All structures in the Caucal hierarchy have a decidable 
MSO-theory. 


In the same spirit as Theorem 5.3 one can show that MSO-interpretations 
can be replaced by FO-interpretations. Furthermore, the iteration can also 
be replaced by the unravelling operation applied to the graphs on each level. 


Theorem 5.7 (Colcombet, [20]). A structure belongs to C,,41 if and only if 
it is of the form (Zol/)(g) where Z is an FO-interpretation, U the unravelling 
operation, and g € Cn is a graph. 


At present, the Caucal hierarchy is the largest known natural class of 
structures with a decidable MSO-theory (other structures with decidable 
MSO-theory can be constructed by ad hoc arguments; see, e.g., Proposi- 
tion 5 of [16]). The first level of this hierarchy, i.e., the class of prefix- 
recognisable structures, is already well investigated. In [16] the graphs of 
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level n are shown to be the same as the configuration graphs of higher-order 
pushdown automata of level n (automata using nested stacks of nesting 
depth n). Using this equivalence and a result on the languages accepted by 
higher-order pushdown automata, one obtains the strictness of the Caucal 
hierarchy. In [16] it is also shown that not all structures of decidable MSO- 
theory are captured: There is a tree with decidable MSO-theory that is not 
contained in any level of the hierarchy. It remains an open task to gain a 
better understanding of the structures in higher levels of the hierarchy. 


5.2 Automatic structures and extensions 


Let us turn to structures with a decidable FO-theory. A prominent class of 
such structures is the class of automatic (and tree-automatic) structures, a 
notion originally introduced by Hodgson [36]. 

A relation R C (X*)” on words is automatic if there is a finite automaton 
accepting exactly the tuples (wo, ..., Wr—1) E€ R, where the automaton reads 
all the words in parallel with the shorter words padded with a blank symbol 
(for formal definitions see, e.g., [37, 3, 8]). A structure is called automatic 
(or has an automatic presentation) if it is isomorphic to a structure whose 
universe is a regular set of words and whose relations are automatic in the 
sense described above. 

In the same way we can also use automata on finite (ranked) trees to 
recognise relations. The superposition of a tuple of trees is defined by align- 
ing their roots and then, for each node aligning the sequence of successors 
from left to right, filling up missing positions with a blank symbol (again, a 
formal definition can be found in [3, 8]). Accordingly, a structure is called 
tree-automatic if it is isomorphic to a structure whose domain consists of 
a regular set of finite trees and whose relations are recognised by finite au- 
tomata reading the superpositions of tuples of trees. An alternative defini- 
tion for tree-automatic structures can be given via least solutions of system 
of equations [19] in the same spirit as [1] for prefix-recognisable structures. 
In addition to the operations for prefix-recognisable structures one allows 
the Cartesian product in the equations. 

By inductively translating formulae to automata we can use the strong 
closure properties of finite automata to show that each FO-definable relation 
over an automatic structure is again automatic. As the emptiness problem 
for finite automata is decidable this yields a decision procedure for the 
model-checking of FO-formulae over (tree-)automatic structures. 

We are interested in generating structures with a decidable FO-theory 
using FO-compatible operations. We focus here on the use of FO-interpreta- 
tions. The first possibility is to start from structures with a decidable FO- 
theory and then apply FO-interpretations to it. Alternatively we can start 
from structures with a decidable MSO-theory and then apply the (weak) 
power-set operation followed by an FO-interpretation. 
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To obtain the class of automatic structures in this way let us first note 
that each automatic structure can be represented using a binary alphabet, 
say [2] = {0,1}. A word over this alphabet can either be seen as the binary 
encoding of a number, or as a set of natural numbers, namely the set of all 
positions in the word that are labelled by 1. 

When encoding [2]-words by natural numbers we need relations that al- 
low us to extract single bits of a number to be able to simulate the behaviour 
of finite automata in first-order logic. This can be done using the addition 
operation + and the relation |> defined as follows (see, e.g., [11, 3]): 


k|əm :iff kis a power of 2 dividing m. 


Similarly, if [2]-words are viewed as sets of natural numbers we have to be 
able to access the elements of the set. This is possible in the weak power-set 
of the structure (w,<). By Corollary 3.27, FO over Py(w,<) corresponds 
to WMSO over (w, <), which is known to have the same expressive power as 
finite automata (see, e.g., [48]). 

These ideas lead to the following characterisations of automatic struc- 
tures. 


Proposition 5.8. Let a be a structure. The following statements are equiv- 
alent: 


1. a is automatic. 
2. a S T(N, +, |2), for some FO-interpretation ZT. 
3. a S (T o Py) (w, <), for some FO-interpretation Z. 


To obtain tree-automatic structures we first note that it is enough to 
consider unlabelled finite binary trees. Such a tree can be encoded in the 
infinite binary tree tg by the set of its nodes. It is not difficult to see 
that first-order logic over the weak power-set structure of tg has the same 
expressive power as finite automata over trees. 


Proposition 5.9. A structure a is tree-automatic if and only if a = (Zo 
Pw) (tg), for some FO-interpretation T. 


This approach via compatible operations can easily be generalised by 
using other generators than (w,<) and tg. In the previous section we have 
obtained a hierarchy of structures with a decidable MSO-theory. The infinite 
binary tree təz is on the first level of this hierarchy. Using Proposition 5.9 as 
a definition for tree-automatic structures, we obtain a natural hierarchy of 
higher-order tree-automatic structures. 
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Definition 5.10. A higher-order tree-automatic structure of level n is a 
structure of the form (Z o Pw)(t) for some tree t from Cn, the nth level of 
the Caucal hierarchy. 


Using Theorem 5.6 and the properties of the operations involved we 
obtain the following result. 


Theorem 5.11. Every higher-order tree-automatic structure has a decid- 
able first-order theory. 


Although the Caucal hierarchy is known to be strict this does not directly 
imply that the hierarchy of higher-order tree-automatic structures is also 
strict. But by Theorem 4.18 it follows that, if the hierarchy would collapse 
then all the trees in the Caucal hierarchy could be generated from a single 
tree t in this hierarchy by means of WMSO-interpretations. This would 
contradict the strictness of the Caucal hierarchy because, according to [16]?, 
each level is closed under WMSO-interpretations. 


Theorem 5.12 (Colcombet-Léding, [21]). The hierarchy of higher-order 
tree-automatic structures is strict. 


As mentioned in the previous section very little is known about struc- 
tures on the higher levels of the Caucal hierarchy. As higher-order tree- 
automatic structures are defined by means of the Caucal hierarchy we even 
know less about these structures. In [21] it is illustrated how to apply 
Theorem 4.18 to show that structures are not higher-order tree-automatic. 


5.3 HR-equational structures 


In [22] equations using operations on structures are used to define infinite 
structures. The operations work on structures that are coloured by a finite 
set of colours. We introduce constant symbols for each finite structure (over 
a fixed signature). From these we build new structures using: 


e the disjoint union operation W; 
e unary operations pab recolouring all elements of colour a to colour b; 


e unary operations ĝa that merge all elements of colour a into a single 
element. 


For example, the equation 


r= p20 (02((e8) Y pi2(z))) 


2 In [16] the closure of each level under MSO-interpretations is shown. But in the same 
paper it is shown that each level can be generated by MSO-interpretations from a 
deterministic tree of this level, and on deterministic trees the finiteness of a set can be 
expressed in MSO. Hence the levels are also closed under WMSO-interpretations. 
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has as least solution the graph 


1 0 0 0 
e—e—e—e— -:- 

The class of structures obtained as solutions of finite systems of equa- 
tions over these operations has various names in the literature (equational, 
regular, hyperedge replacement). We use here the term HR-equational. 

We obtain a connection between HR-equational structures and trees by 
unravelling the system of equations defining a given structure a into an 
infinite tree t. The inner nodes of the tree are labelled with the operations 
and the leaves with the finite structures that are used as building blocks 
for the resulting infinite structure. As an unravelling of a finite system of 
equations the tree t is regular and it contains all the information on how to 
build the structure a. 

It should not be surprising that it is possible to construct the structure a 
from t via a parameterless MSO-transduction. But we can do even better 
because all the information on the relations of a is contained in the leaves 
of the defining tree. This allows us to construct not only a but also In(a) 
by a parameterless MSO-transduction. It turns out that this property char- 
acterises HR-equational structures. As for prefix-recognisable structures we 
therefore choose this property as the definition. 


Definition 5.13. A structure a is HR-equational if and only if In(a) is 
prefix-recognisable. 


By Proposition 3.44 we can reduce the GSO-theory of an HR-equational 
structure to the MSO-theory of a prefix-recognisable one. 


Proposition 5.14. Every HR-equational structure has a decidable GSO- 
theory. 


Courcelle [23] has proved that the isomorphism problem for HR-equation- 
al structures is decidable. We can generalise this result as follows. In [6] it 
is shown that prefix-recognisable structures can be axiomatised in GSO, i.e., 
for each prefix recognisable structure a, one can construct a GSO-sentence 
Wa such that 


b= ypa iff 62a, for every structure b. 


If we take 6 from a class of structures for which we can decide whether 
b = Ya holds then this allows us to solve the isomorphism problem for 
a and b. To this end let b be a uniformly sparse structure from the Caucal 
hierarchy. (Note that every HR-equational structure is uniformly sparse.) 
According to Theorem 4.12 we can construct an MSO-sentence 7, that is 
equivalent to Ya on b. And since the MSO-theory of each structure in the 
Caucal hierarchy is decidable we can now verify if b — W4, which is the case 
if, and only if, a= b. 
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Theorem 5.15. Given an HR-equational structure a and a uniformly sparse 
structure 6 from the Caucal hierarchy, we can decide whether a = b. 


The above description is slightly simplified. The GSO-sentence pa con- 
structed in [6] uses cardinality quantifiers 3“ meaning “there are at least 
k many”, for a cardinal k. To make Theorem 5.15 work in this extended 
setting, we first note that Theorem 4.12 also works if the logics are extended 
with cardinality quantifiers. Second, we have to verify that b = y} can also 
be checked if y} contains cardinality quantifiers. Because b is countable, 
we only need to consider the quantifier “there are infinitely many”. This 
quantifier can be eliminated since each structure of the Caucal hierarchy 
can be obtained by an MSO-interpretation from a deterministic tree of the 
same level and on such trees the property of a set being infinite can be 
expressed in MSO. 
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Abstract 


There are at least as many interesting classes of regular tree lan- 
guages as there are of regular word languages. However, much less is 
known about the former ones. In particular, very few decidable char- 
acterizations of tree language classes are known. For words, most 
known characterizations are obtained using algebra. With this in 
mind, the present paper proposes an algebraic framework for classi- 
fying regular languages of finite unranked labeled trees. 

If in a transformation semigroup we assume that the set being 
acted upon has a semigroup structure, then the transformation semi- 
group can be used to recognize languages of unranked trees. This 
observation allows us to examine the relationship connecting tree lan- 
guages with standard algebraic concepts such as aperiodicity idem- 
potency, or commutativity. The new algebraic setting is used to give 
several examples of decidable algebraic characterizations. 


1 Introduction 
There is a well-known decision problem in formal language theory: 
Decide if a given a regular language of finite binary trees can be 


defined by a formula of first-order logic with three relations: ancestor, 
left and right successor. 


* We would like to thank Olivier Carton, Jean-Eric Pin, Thomas Schwentick, Luc 
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Straubing, for correcting several errors in a previous version, and suggesting some im- 
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If the language is a word language (there is only one successor relation in this 
case) the problem is known to be decidable thanks to fundamental results 
of Schtitzenberger [14] and McNaughton and Papert [11]. The problem is 
also decidable for words when only the successor relation is available [18, 1]. 
However, no algorithm is known for the case of tree languages, see [9, 13, 3, 2] 
for some results in this direction. 

There is a large body of work on problems of the type: decide if a given 
regular word language can be defined using such and such a logic [6, 12, 15, 
19, 20, 22]. Most of the results have been obtained using algebraic techniques 
of semigroup theory. Recently, there has even been some progress for tree 
languages [21, 8, 5, 2]. There is, however, a feeling that we still do not 
have the right algebraic tools to deal with tree languages. In this paper we 
propose an algebraic framework, called forest algebras, and study the notion 
of recognizability in this framework. We want it to be as close to the word 
case as possible to benefit from the rich theory of semigroups. We show how 
standard notions, such as aperiodicity, idempotency, or commutativity, can 
be used in our framework to characterize classes of tree languages. 

Forest algebras are defined for forests (ordered sequences) of unranked 
trees, where a node may have more than two (ordered) successors. This 
more general (more general than, say, binary trees) setting is justified by 
cleaner definitions, where semigroup theory can be used more easily. 

We begin our discussion of forest algebras with the free forest algebra. 
Just as the free monoid is the set of words, the free forest algebra is going to 
be the set of forests. For finite words, there is one natural monoid structure: 
concatenation of words with the empty word as a neutral element. For 
forests there is also a concatenation operation that puts one forest after the 
other (see Figure 1). This operation though, has very limited power as the 
depth of the resulting forest is the maximum of the depths of the arguments. 
One needs also some kind of vertical composition that makes forests grow. 
This requires a notion of a context, which is a forest with a single hole in 
some leaf. Contexts can be composed by putting one of them in the hole 
of the other (see Figure 2). Moreover, by putting a forest in the hole of 
a context we obtain again a forest. Summarizing, for unranked, ordered, 
finite forests there are two natural monoids: 


e Horizontal monoid. Forests with concatenation, and the empty tree 
as a neutral element. 


e Vertical monoid. Contexts with context composition, and the context 
with a hole in the root as a neutral element. 


The two monoids are linked by an action of contexts on forests: if p is a 
context and t is a forest then pt is a forest obtained by putting t in the hole 
of p in the same way as the contexts are composed. 
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A forest tı A forest tə The resulting 
forest tı + te 


FIGURE 1. Forest concatenation 


A context p A context q The resulting 
context pq 


FIGURE 2. Context composition 


In the case of words, a language of finite words induces a congruence, 
the Myhill-Nerode equivalence relation, which has finite index whenever 
the language is regular. The same concepts apply to forest algebras, except 
that we get two congruences: one for the vertical semigroup and one for the 
horizontal semigroup. A regular language of finite forests can be thus seen 
as one where both congruences are of finite index. 

An important property of a forest algebra is that it is a special case of 
a transformation semigroup. Recall that a transformation semigroup is a 
semigroup along with an action over a set. In the forest algebra, the acting 
semigroup is the set of contexts, while that set acted upon is the set of 
forests (which itself is equipped with a semigroup structure). 

There is a well-developed theory of transformation semigroups that is 
useful in classifying regular word languages. We hope that this theory might 
extend to the case of trees and this paper presents first steps in this direction. 
To illustrate how forest algebra can be used in classifying regular languages, 
we show how two language classes—forest languages determined by the 
labels occurring in a forest, and forest languages definable by a X, formula— 
can be described in terms of forest algebra. We also present a more involved 
example: languages definable in the temporal logic EF. 


2 Preliminaries 


The set of trees and forests over a finite alphabet A is defined as follows: 
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e an empty tree, denoted 0, is a tree (and therefore also a forest); 
e if s,t are forests, then s + t is a forest; moreover + is associative; 
e If s is a forest, then as is a tree (and also a forest) for every a € A. 


The empty tree is a neutral element for the operation + of forest con- 
catenation. This operation is in general non-commutative. A tree is a forest 
of the form as, where s is a forest. We denote trees, as well as forests, by 
s, t and u. Most of the time we shall be working with forests and we shall 
say explicitly when a variable denotes a tree. 

It will be convenient to interpret a forest as a partial function t : Nt — A 
with a finite domain (the roots of this forest are the nodes from N). Elements 
of this finite domain are called nodes of t. (The domain is closed under 
nonempty prefixes, and if y < y’ are natural numbers with x - y’ in the 
domain, then also x- y belongs to the domain.) This function assigns to 
each node its label. If x,y are two nodes of t, we write x < y (x < y) if 
x is a (proper) prefix of y (i.e x is closer to the root than y). If x isa 
maximal node satisfying x < y, then we call x the parent of y and we call y 
a successor of x. (Each node has at most one parent, but may have many 
successors.) Two nodes are siblings if they have the same parent. A leaf is 
a node without successors. The subtree of t rooted in the node x, denoted 
tlx, assigns the label t(x - y) to a node 0 - y. The successor forest of a node 
is the forest of subtrees rooted in that node’s successors. 

An A-context is an (A U {«})-forest, where * is a special symbol not 
in A. Moreover, x occurs in exactly one leaf, which is called the hole. We 
use letters p,q to denote contexts. When p is a context and t is a forest, 
pt is the forest obtained from p by replacing the hole with ¢ (see Figure 2). 
Similarly we define the composition of two contexts p, q — this is the context 
p-q that satisfies (p - q)t = p(qt) for every forest t. The neutral element 
of context composition is a context, denoted 1, consisting only of a single 
node labeled x. 


3 Forest algebras 


In this section we formally define a forest algebra. We give some examples 
and explore some basic properties. 

A forest algebra (H, V, act, iny, ing) consists of two monoids H,V, along 
with an action act : H x V — H of V on H and two operations inz, inp : 
H — V. We denote the monoid operation in H by + and the monoid 
operation in V by -. The neutral elements of the two monoids will be 
denoted respectively: 0 and 1. Instead of writing act(h,v), we write vh 
(notice a reversal of arguments). A forest algebra must satisfy the following 
axioms: 
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action (v-w)h = v(wh); 
insertion in(g)h = g + h and ing(g)h = h + g; 
faithfulness for every two distinct v,w € V there is h € H with vh Æ wh; 


We call V the vertical monoid and H the horizontal monoid. Thanks 
to the action axiom it is unambiguous to write vwh. Most of the time we 
shall omit the act, in;, ing from (H, V, act, in, ing) and write (H, V), just 
as we identify a monoid with its carrier set. We shall also sometimes write 
h + 1 instead of inh, and 1 + h instead of ingh. 


Example 3.1. Let H be any monoid. Let V be the set H” of all transfor- 
mations of H into H, with composition as the operation. To obtain a forest 
algebra from (H, V) it suffices to add the action and inz, ing. We can take 
the action of V on H to be just function application. The operations iny, 
and ing are then determined by the insertion axiom. Faithfulness can be 
easily verified. 


Note 3.2. As mentioned earlier, we have chosen to write the action on the 
left, while the standard practice in the algebraic study of languages of words 
is to write it on the right. That is, we write act(h,v) as vh, while in most 
papers on monoids and word languages one would see hv. We feel that this 
choice is justified by the difference in the way words and trees are denoted. 
In the case of words, writing the action on the right is justified by the way 
words are written (with the first letter on the left) as well as the way finite 
automata read the input (from left to right). For example, if one wants to 
calculate the action of a word abb on a state q of an automaton, one writes 
dfafofo; where fa, fp are the actions associated with the corresponding 
letters. Using standard functional notation this would give fp(fo(fa(q))). 
Hence, writing action on the right saves tiresome reversal of the word. For 
trees the situation is different. Usually, one describes trees with terms. So 
a(t, + t2) denotes a tree with the root a and two subtrees tı and tg. If we 
were writing actions on the right, the value of this tree would be denoted 
by (hı + h2)va, where h; is the value of t; and va is the value of a. In 
consequence, writing the action to the right corresponds to writing terms 
in reverse Polish notation. Writing the action on the right would thus force 
us either: to do the conversion into reverse Polish notation each time we 
go from trees to algebra, or to write trees in reverse Polish notation. The 
authors think that both options are more troublesome than the choice of 
the writing action on the left. 


Note 3.3. Despite additive notation for monoid (H, +), we do not require + 
to be commutative. Having H commutative would be equivalent to saying 
that the order of siblings in a tree is not relevant. Although in all the 
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examples given in this paper + will be commutative, one can easily find 
examples when it will not be the case. A prominent one is first-order logic 
with order on siblings. 


Note 3.4. The axioms of forest algebra imply the existence of strong links 
between horizontal and vertical monoids. The first observation is that every 
element of h of H is of the form v0 for some v € V. Indeed, it is enough 
to take inh for v. Moreover, the mappings in, ing : H — V are monoid 
morphisms as in, (hi + h2) = inL (hı Jing (h2) and iny(0) = 1. 


A morphism between two forest algebras (H,V) and (G,W) is a pair of 
monoid morphisms (a: H > G,3:V — W) with additional requirements 
ensuring that the operations are preserved: 


a(vh) = B(v)a(h) 
B(iny(h)) =inp(a(h)) and G(ing(h)) = ing(a(h)) 
Note 3.5. The morphism a is determined by @ via 
a(h) = a(h + 0) = a(inn(h)0) = Bint (h))a(0) , 


where a(0) must be the neutral element in G by the assumption on a being 
a monoid morphism. So it is enough to give a morphism ĝ and verify if 
together with the uniquely determined a they preserve the operations. 


Given an alphabet A, we define the free forest algebra over A, which is 
denoted by A“, as follows: 


e The horizontal monoid is the set of forests over A. 
e The vertical monoid is the set of contexts over A. 
e The action is the substitution of forests in contexts. 


e The in; function takes a forest and transforms it into a context with 
a hole to the right of all the roots in the forest. Similarly for ing but 
the hole is to the left of the roots. 


Observe that iny, and ing are uniquely determined by insertion axioms, once 
the action is defined. The following lemma shows that free forest algebra is 
free in the sense of universal algebra. 


Lemma 3.6. The free forest algebra A* is a forest algebra. Moreover, 
for every forest algebra (H,V), every function f : A — V can be uniquely 
extended to a morphism (a, 8) : AS — (H, V) such that 3(a(*)) = f(a) for 
every a € A. 
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Proof. That A* is a forest algebra can be easily verified. We define a 
homomorphism by induction on the size of a tree/context: 


a(0) = 0 B(*) =1 
a(at) = f(a)(a(t)) B(a(p)) = F(a) P) 
a(t, + t2) = a(t) +a(t2) (ti + p+ te) = inz(a(t1))ing(a(t2))4(p) 


Directly from the definition it follows that a, @ is a unique possible extension 
of f to a homomorphism. It can be checked that the two mappings are 
well defined. It is clear that œ preserves + operation. One shows that 
B(pq) = B(p)B(q) by induction on the size of p. The preservation of the 
action property: a(pt) = 3(p)a(t) is also proved by induction on p. Finally, 
Blin, (t)) = A + *) = altı) + BCL) = int (a(t))8Q) = imn(a(é)). awn. 


We now proceed to define languages recognized by forest algebras. 


Definition 3.7. A set L of A-forests is said to be recognized by a surjective 
morphism (a, 8) : A^ — (H,V) if L is the inverse image a~!(G) of some 
G C H. The morphism (a, 3) is said to recognize L, the set G is called the 
accepting set, and L is said to be recognized by (H,V). 


Generally, we are interested in the case when (H, V) is finite; in this case 
we say that L is recognizable. 


Example 3.8. Consider the set L of forests with an even number of nodes. 
We present here a finite forest algebra (H, V) recognizing L. Both H and V 
are {0,1} with addition modulo 2. The action is also addition; this defines 
the insertion functions uniquely. The recognizing morphism maps a context 
onto 0 if it has an even number of nodes. The accepting set is {0}. 


Example 3.9. A language L of A-forests is called label-testable if the mem- 
bership t € L depends only on the sets of labels that occur in t. The ap- 
propriate forest algebra is defined as follows. Both H and V are the same 
monoid: the set P(A) with union as the operation. This determines the ac- 
tion, which must also be also union. We can take as a recognizing morphism 
a function that maps a context to the set of its labels. 


Note 3.10. Another way to look at a forest algebra is from the point of 
view of universal algebra. In this setting, a forest algebra is a two-sorted 
algebra (with the sorts being H and V) along with two constants (neutral 
elements for H and V) and five operations: (i) monoid operations in H and 
V, (ii) the action vh of V on H and (iii) the two insertion operations iny, and 
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ing. Forest algebras cannot be defined equationally due to the faithfulness 
requirement. 

The universal algebra viewpoint gives us definitions of such concepts 
as subalgebra, cartesian product, quotient, morphism. The requirement of 
faithfulness is not preserved by homomorphic images and quotients. This 
implies that every time we take a quotient we need to check if the result is 
a faithful algebra. 


3.1 Syntactic algebra for forest languages 


Our aim now is to establish the concept of a syntactic forest algebra of a 
forest language. This is going to be a forest algebra that recognizes the 
language, and one that is optimal among those that do. 


Definition 3.11. We associate with a forest language L two equivalence 
relations on the free forest algebra A®: 


e Two A-forests s, t are L-equivalent if for every context p, either both 
or none of the forests ps, pt belong to L. 


e Two A-contexts p, q are L-equivalent if for every forest t, the forests 
pt and qt are L-equivalent. 


Lemma 3.12. Both L-equivalence relations are congruences with respect 
to the operations of the forest algebra A‘. 


Proof. We first show that L-equivalence for forests is a congruence with 
respect to concatenation of forests. We shall consider only concatenation to 
the right. We show that if s and s’ are L-equivalent, then so are the forests 
s+t and s’+t, for every forest t. Unraveling the definition of L-equivalence, 
we must show that for every context p we have: p(s+t) € L iff p(s’ +t) € L. 
Taking q = p- ing(t) we get qs = pling (t)s) = p(s + t). In consequence: 


pist+theL iff gqs)EeL iff gs')EL iff p(s’ +tHeL, 


where the middle equivalence follows from L-equivalence of s and s’. The 
proof for the concatenation to the left is analogous. 

We now proceed to show that L-equivalence for contexts is a congruence 
with respect to context composition. We need to show that if two contexts p 
and p’ are L-equivalent, then so are the contexts pq and p'q for any context q 
(and similarly for the concatenation to the left). We need to show that for 
every forest t and every context q’, 


qpqte L iff q'p'qteL. 


The above equivalence follows immediately from the L-equivalence of p 
and p’: it suffices to consider qt as a tree that is plugged into the contexts p 
and p’. 


Forest algebras 115 


In a similar way, one shows that L-equivalence is a congruence with 
respect to the action pt and the insertions ing (t), inp(t). Q.E.D. 


Definition 3.13. The syntactic forest algebra for L is the quotient of A^ 
with respect to L-equivalence, where the horizontal semigroup H* consists 
of equivalence classes of forests over A, while the vertical semigroup V4 
consists of equivalence classes of contexts over A. The syntactic morphism 
(at, BŁ) assigns to every element of A“ its equivalence class in (H",V). 


The above lemma guarantees that the quotient is well defined. In this 
quotient, faithfulness holds thanks to the definition of LZ-equivalence over 
contexts. The action and insertion axioms are also satisfied (as it is a 
quotient of a forest algebra). Hence, it is a forest algebra. We claim that 
this forest algebra satisfies the properties required from the syntactic forest 
algebra of L. 


Proposition 3.14. A language L of A-forests is recognized by a the syntac- 
tic morphism (a”, 3”). Moreover, any morphism (a, 3) : Aê — (H,V) that 
recognizes L can be extended by a morphism (a’, 3’) : (H,V) > (H*,V”) 
so that 8’ o 8 = BY. 


Proof. The first part follows immediately by taking as an accepting set the 
set of L-equivalence classes of all the elements of L. The second statement 
follows from the observation that if two A-forests or contexts have the same 
image under (a, 3) then they are L-equivalent. Q.E.D. 


Note that in general the syntactic forest algebra may be infinite. How- 
ever, Proposition 3.14 shows that if a forest language is recognized by some 
finite forest algebra, then its syntactic forest algebra must also be finite. 
In this case the syntactic forest algebra can be also easily computed. The 
procedure is the same as for syntactic monoids. Given a finite forest algebra 
(H,V) and a subset G C H one marks iteratively all the pairs of elements 
that are not equivalent with respect to G. First, one marks all pairs con- 
sisting of an element of G and of an element of H \ G. Then one marks a 
pair (hı, h2) € H x H if there is a v € V such that (vh, vh2) is already 
marked. One marks also a pair of vertical elements (v1, v2) if there is a 
horizontal element h with (vih, v2h) already marked. This process contin- 
ues until no new pairs can be marked. The syntactic forest algebra is the 
quotient of the given algebra by the relation consisting of all the pairs that 
are not marked. In Section 3.3 we shall show that recognizability is equiv- 
alent with being accepted by the standard form of automata. In particular 
the proof of Proposition 3.19 gives a way of constructing a forest algebra 
from automaton. Together with the above discussion this gives a method of 
constructing a syntactic forest algebra for the language accepted by a given 
tree automaton. 
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3.2 Forest algebras and tree languages 


Forest algebras give a natural definition of recognizable forest languages 
(Definition 3.7). However, tree languages are studied more often than forest 
languages. In this section we describe how a forest algebra can be used to 
recognize a language of unranked trees. 


Definition 3.15. Given a tree language L over A and a letter a € A, the a- 
quotient, denoted a~'L, is the set of forests t that satisfy at € L. A language 
L of A-trees is tree-recognized by a morphism (a, 3) : A^ —> (H,V) if a! L 
is recognized by (a, 3) for all a € A. 


Note that the above definition does not say anything about trees with 
only one (root-leaf) node; but these are finitely many and irrelevant most 
of the time. In particular, regular languages are closed under adding or 
removing a finite number of trees. 


Example 3.16. A tree language of the form: “the root label is a € A” is 
tree-recognized by any forest algebra. This because all the quotients b~1L 
for b € A are either empty (when b ¥ a) or contain all forests (when b = a). 


The above definition of recognizability induces a definition of syntactic 
forest algebra for a tree language L. Consider the intersection of all (a~!L)- 
equivalences for a € A. This is a congruence on A® as it is an intersection 
of congruences. It is easy to check that the result is a faithful algebra. 


Note 3.17. There is an alternative definition of tree-recognizability. In 
the alternative definition, we say that a tree language L is tree-recognized 
by a forest algebra (H,V) if there is a forest language K recognized by 
(H,V) such that L is the intersection of K with the set of trees. Under this 
alternative definition, there is no correct notion of syntactic algebra. For in- 
stance, the tree language “trees whose root label is a” can be tree-recognized 
by two forest algebras that have no common quotient tree-recognizing this 
language. Indeed, these may be forest algebras for two different forest lan- 
guages that agree on trees. 


Note 3.18. Yet another alternative definition of tree-recognizability says 
that L is tree-recognized iff it is recognized. In this case, the forest algebra 
must keep track of what is a single tree, and what is a forest. As a result, 
it becomes impossible to characterize some languages by properties of their 
syntactic algebras. For instance, consider the tree language “all trees”. 
The horizontal monoid of this language has three elements: H = {0,1,2+} 
which keep track of the number of trees in the forest. The vertical monoid 
has the transformations 


V ={hm h,h=e h+1,h = h+2,h = 1,h = 2+}. 
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The first three are contexts with the hole in the root, and the last two have 
the hole in a non root node. It is already inconvenient that the simplest 
possible tree language needs a non-trivial algebra. Furthermore, this same 
algebra recognizes the language “trees over {a,b} where a does not appear 
in the root”. The recognizing morphism maps the label a to h — h + 2 and 
the label b to h — 1. One can suggest several logics that can describe the 
first language but not the second, for all these logics characterizations in 
terms of syntactic algebras will be impossible. 


3.3 Automata over forests 


We would like to show that our definition of recognizability is equivalent 
with the standard notion of regular languages, i.e., languages accepted by 
automata. There are numerous presentations of automata on finite un- 
ranked trees and forests; here we shall use one that matches our algebraic 
definitions. 


A forest automaton over an alphabet A is a tuple 
A= ((Q,0,+), A, 6:(AxQ—>Q), FEQ) 


where (Q,0,+) is a finite monoid; intuitively a set of states with an opera- 
tion of composition on states. 

The automaton assigns to every forest t a value t^ € Q, which is defined 
by induction as follows: 


e if t is an empty forest, then t^ is 0; 


e if t = as, then t^ is defined to be 6(a,s4), in particular if t is a leaf 
then t^ = d(a, 0); 


e if t= tı +: +tn then t^ is defined to be tf +---+¢/; observe that 
the + operation in the last expression is done in (Q,0,+). 


A forest t is accepted by A if t^ € F. 


Proposition 3.19. A forest language is recognized by a finite forest algebra 
if and only if it is the language of forests accepted by some forest automaton. 


Proof. Take a tree language L recognized by a morphism (a, 8) : A* > 
(H,V). That is L = a~!(F) for some F C H. For the “only if” part, we 
need to show how it can be recognized by an automaton. Let A = (H, A, ô : 
Ax H — H, F) where H is the horizontal monoid, F C H is as above, and 
6 is defined by 

d(a, h) = B(a)h frac A. 


By induction on the size of the forest one can show that t4 = a(t). Thus 
A recognizes the language of forests L. 
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For the other direction, suppose that we are given an automaton A = 
((Q,0,+), A, 6, F). We consider a forest algebra (H, V) where H is (Q,0, +) 
and V is the function space H — H with function composition as the 
operation and the identity as the neutral element. The action is function 
application and the insertions are uniquely determined. It is easy to see 
that (H, V) is a forest algebra. Consider now the unique homomorphism 
(a, B) : Aĉ > (H,V) with 


Bla) = ô(a) frac A; 


observe that each d(a) is a function from H to H. This homomorphism 
might not be surjective as required by Definition 3.7, in this case we only 
keep the part of the algebra used by the homomorphism. By induction on 
the height of the forest one can show that t^ = a(t). Q.E.D. 


Actually, the above notion of automaton can be refined to a notion of 
(H,V) automaton for any forest algebra (H, V). Such an automaton has 
the form: 

A=(H, A, 6:A—-V, FCH) 
thus the only change is that now states are from H and (b) is an element of 
from V while before it was a function from Q — Q. We can do this because 
using the action act of the forest algebra, each v € V defines a function 
act(v): H > H. 

By the same reasoning as before, every language accepted by a (H,V) 
automaton is recognized by the algebra (H, V). Conversely, every language 
recognized by (H,V) is accepted by some (H,V) automaton. This equiva- 
lence shows essential differences between algebras and automata. Algebras 
do not depend on alphabets, while alphabets are explicitly declared in the 
description of an automaton. More importantly, the structure of the verti- 
cal semigroup is not visible in an automaton: in an automaton we see only 
generators of the vertical semigroup. 

It may be worth to compare the above automata model with unranked 
tree automata (UTA’s) [17, 10]. The only difference of any importance 
between these models is that UTA’s have transition function of the form 
6:4 x Q — Reg(Q), i.e., to each pair of state and letter, a UTA assigns a 
regular language over the alphabet Q. A tree whose root is labeled a can be 
assigned a state q if the sequence of states assigned to its children is in the 
regular language 6(q,a). In our case regular languages are represented by 
monoids. More precisely, we use one monoid structure on states to simul- 
taneously recognize all regular word languages that appear in transitions. 
The two automata models have the same expressive power, and effective 
translations can be easily presented. Note that since we use monoids, there 
may be an exponential growth when translating from a UTA to a forest 
automaton. 
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3.4 Other possible variants of forest algebra 


For words, one can use either monoids or semigroups to recognize word 
languages. In the first case, the appropriate languages are of the form 
L C A*, while the second case disallows the empty word, and only languages 
L C A? are considered. 

For forests, the number of choices is much greater. Not only do we have 
two sorts (forests and contexts) instead of just one (words), but these sorts 
are also more complex. This requires at least two choices: 


e Is the empty forest a forest? Here, we say yes. 
e Is the empty context a context? Here, we say yes. 


We can also put some other restrictions on a position of the hole in the 
context, for example that it cannot have siblings, or that it cannot be in 
the root. Each combination of answers to the above questions gives rise to 
an appropriate definition of a forest algebra, as long as the correct axioms 
are formulated. 

We do not lay any claim to the superiority of our choices. The others 
are just as viable, but this does not mean that they are all equivalent. 
The difference becomes visible when one tries to characterize algebras by 
equations. For example, the equation vh = vg in our setting implies h = g 
because this equation should be valid for all assignments of elements to 
variables, and in particular we can assign the identity context to v. But then, 
h = g says that the horizontal monoid is trivial. If we did not allow contexts 
with the hole in a root, this equation would describe forest languages where 
membership of a forest depends only on the labels of its roots. 

One may also ask what would happen if we had dropped the vertical 
structure. We could work with pairs of the form (H,Z) where Z is just 
a set and not a semigroup, but still we could have an action of Z on H. 
Such pairs correspond to automata where the alphabet is not fixed. For 
such objects we do not need to require insertion axioms as these axioms 
talk about the structure of the vertical semigroup which is not present here. 
All the theory could be developed in this setting but once again equations 
would have different meaning in this setting. In particular we would not 
have any way to refer explicitly to vertical composition. We refrain from 
doing this because we think that the structure of the vertical semigroup is 
important. 


4 Simple applications 


In this section we present two straightforward characterizations of forest 
languages. Both are effective, meaning that the conditions on the forest al- 
gebra can be effectively tested. The first characterization—of label testable 
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languages—illustrates how a property of the context monoid can have im- 
portant implications for the forest monoid. The second characterization—of 
languages definable by a 1 formula—shows that we can also consider lan- 
guage classes that are not closed under boolean operations. 

In the following we shall very often express properties of algebras by 
equations. An equation is a pair of terms in the signature of forest algebras 
over two types of variables: horizontal variables (h, g, ...), and vertical 
variables (v, w,...). These terms should be well typed in an obvious sense 
and should have the same type: both should be either of the forest type, or 
of the context type. An algebra satisfies an equation if for any valuation 
assigning elements of the horizontal monoid to horizontal variables, and 
elements of the vertical monoid to vertical variables, the two terms have the 
same value. In this way an equation expresses a propery of algebras. 

We say a forest language is label testable if the membership in the lan- 
guage depends only on the set of labels that appear in the forest. 


Theorem 4.1. A language is label testable if and only if its syntactic al- 
gebra satisfies the equations: 


VU =Uv UW = WU . 


Proof. The only if part is fairly obvious, we only concentrate on the if part. 
Let then L be a language recognized by a morphism (a, 3): A* > (H,V), 
with the target forest algebra satisfying the equations in the statement of 
the theorem. We will show that for every forest t the value a(t) depends 
only on the labels appearing in t. 

We start by showing that the two equations from the statement of the 
theorem imply another three. The first is the idempotency of the horizontal 
monoid: 

h+h=h. 


This equation must hold in any forest algebra satisfying our assumption 
because of the following reasoning which uses the idempotency of the vertical 
monoid: 

hth=(h+1)(h+1)0=(h+1)0=h. 


(In the above, h + 1 denotes the context in, (h).) The second is the com- 
mutativity of the horizontal monoid: 


h+g=gth. 
The argument uses commutativity of the vertical monoid: 


h+g=(h+1)(94+1)0=(g+1)(h4+1L0=g+h. 
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Finally, we have an equation that allows us to flatten the trees: 
v(h) =h+v0. 
The proof uses once again the commutativity of the vertical monoid: 
v(h) = v(h + 1)0 = (h+1)00 =h+4+00. 


The normal form of a forest will be a forest a,0+---+a,,0, where each tree 
contains only one node, labeled a;. Furthermore, the labels a,,...,@, are 
exactly the labels used in t, sorted without repetition under some arbitrary 
order on the set A. Using the three equations above one can show that 
every forest has the same value under a as its normal form. Starting from 
the normal form one can first use idempotency to “produce” as many copies 
of each label as the number of its appearances in the tree. Then using the 
last equation and the commutativity one can reconstruct the tree starting 
from leaves and proceeding to the root. Q.E.D. 


Note 4.2. If we omit the equation vv = v, we get languages that can be 
defined by a boolean combination of clauses of the forms: “label a occurs 
at least k times”, or “the number of occurrences of label a is k mod n”. 


We now present the second characterization. A X; formula is a formula 
of first-order logic, where only existential quantifiers appear in the quantifier 
prenex normal form. The logic we have in mind uses the signature allowing 
label tests (a node x has label a) and the descendant order (a node x is a 
descendant of a node y). The following result shows which forest languages 
can be defined in 1: 


Theorem 4.3. Let L be a forest language, and let (a, 8) be its syntactic 
morphism. A language L is definable in X; if and only if vh € a(L) implies 
vwh € a(L), for every v,w,h. 


Proof. The only if implication is an immediate consequence of the fact that 
languages defined in X; are closed under adding nodes. We will now show 
the if implication. Below, we shall say that a forest s is a piece of a forest t 
if s can be obtained from t by removing nodes (i.e. the transitive closure of 
the relation which reduces a forest pqs to a forest ps). 

Let L be a language recognized by a morphism (a, 3) : AS > (H,V), 
with a satisfying the property in the statement of the theorem. For each 
h € H, let Tn be the set of forests that are assigned h by a, but have no 
proper piece with this property. Using a pumping argument, one can show 
that each set Th is finite. We claim that a forest belongs to L if and only 
if it contains a piece t € Th, with h € a(L). The theorem follows from this 
claim, since the latter property can be expressed in ¥}4. 
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The only if part of the claim is obvious: if a forest t belongs to L, then by 
definition it contains a piece from Taq), since a(t) belongs to a(L). For the 
if part of the claim, we need to use the property of a stated in the theorem: 
if t contains a piece s with a(s) € a(L), then by iterative application of the 
implication vh € a(L) > vwh € a(L), we can show that a(t) also belongs 
to a(L), and hence t belongs to L. Q.E.D. 


5 Characterization of EF 


In this section we show how forest algebras can be used to give a decid- 
able characterization of a known temporal logic for trees. The logic in 
question, called EF, is a fragment of CTL where EF is the only temporal 
operator allowed. Decidability of this fragment for the case of binary trees 
is known [5], and several alternative proofs have already appeared [23, 7]. 
Here, we should like to show how our setting—which talks about forests— 
can be used to show decidability of a logic over trees. 


5.1 The logic EF 


EF is a temporal logic that expresses properties of trees. The name EF is due 
to the unique temporal operator in the logic, EF, which stands for Exists 
(some path) Further down (on this path). Formulas of EF are defined as 
follows: 


e If a is a letter, then a is a formula true in trees whose root label is a. 
e EF formulas are closed under boolean connectives. 


e If y is an EF formula, then EFy is an EF formula true in trees having 
a proper subtree satisfying y. 


We write t F ọ to denote that a formula y is true in a tree t. Restricting 
to proper subtrees in the definition of EF gives us more power, since the 
non-proper operator can be defined as y V EFy. 

We need to deal with a mismatch due to the fact that EF is defined 
over trees and our algebraic setting works with forests. For this, we need to 
define how forest languages can be defined in EF. 


Definition 5.1. A tree language L is definable in EF iff there is an EF 
formula a with L = {t: tF a}. A forest language L is definable in EF if for 
some a € A the tree language {at : t € L} is definable in EF. 


Notice that the choice of a in the above definition does not matter. The 
following observation shows that we can use forest definability to decide tree 
definability. 


Lemma 5.2. A tree language L is EF definable iff for every a € A the forest 
language a7 1L is EF definable (as a language of forests). 


Forest algebras 123 


Proof. Suppose L is a tree language defined by a formula y. This formula is 
boolean combination for formulas starting with EF and formulas of the form 
b for some b € A. It is easy to see that y can rewritten as a conjunction of 
implications Apea b => Yo, where (yo, for all b € A, is a boolean combination 
of formulas starting with EF. Then Ya defines the forest language a~!L. 

For the other direction suppose that for each a € A the forest language 
a~'L is EF-definable. So there is a formula Ya and a letter b € A such that 
bt E Ya iff t € a tL. We can, if necessary, modify Ya into y!, with the 
property that bt F Ya if and only if at F y!,. The tree language L is then 
defined by Asca 4 > Ya: Q.E.D. 


As the main result of this section, we present two equations and show 
that a forest language is definable by an EF formula if and only if its syntactic 
forest algebra satisfies these equations. In particular, it is decidable if a 
regular tree language can be defined in EF. 


Theorem 5.3. A forest language is definable in EF if and only if its syntac- 
tic forest algebra satisfies the following equations, called the EF equations: 


g+h=h+g (1.1) 
vh=h+vh. (1.2) 


Equation (1.1) states that the horizontal monoid is commutative. In 
other words, membership of a forest in the language does not depend on 
order of siblings. Equation (1.2) is specific to EF and talks about interaction 
between two monoids. This equation also shows an advantage of our setting: 
the equation can be that simple because we need not to worry about the 
degree of vertices, and we can compare not only trees but also forests. The 
proof of the theorem is split across the following two subsections. 


Note 5.4. One can also consider the logic EF*, where the EF modality is 
replaced by its non-strict version EF*. A formula EF*y is equivalent to 
p V EFy. As mentioned before, this logic is strictly weaker than EF. For 
example, one cannot express in EF* that a tree consists only of one leaf. 
Recently, a decidable characterization of EF* was given in [23, 7]. The logic 
EF*y is not as well-behaved in our algebraic setting as EF. The problem is 
that one cannot tell if a forest language is definable in EF* just by looking at 
its syntactic forest algebra. For an example, consider the language defined 
by the formula EF*(b A EF*c), over the alphabet {a,b,c}. The syntactic 
forest algebra for this language can also recognize the language of flat forests 
(where every tree consists only of the root). But the latter language is not 
EF* definable. 
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5.2 Correctness 


We show that the syntactic algebra of a forest language definable in EF 
must satisfy the EF equations. The basic idea is to prove that any language 
definable in EF is recognized by a forest algebra satisfying the EF equations. 
We shall then be able to conclude that the syntactic algebra must also 
satisfy these equations, as it is a morphic image of any algebra recognizing 
the language. 

Assume then that a forest language L over an alphabet A is defined 
by a formula y. The EF-closure of p, denoted cler(y), is the set of all 
subformulas of y of the form EFw for some y. 

Given a forest t and a € A we define a forest type of t (with respect to 
our fixed g): 


FT, (t) = {4 € cler(y) : at E Y} . 
It is clear that this definition does not depend on the choice of a, so we do 
not include it in the notation. 

We now define an equivalence relation on forests by saying that two 
forest are -equivalent if their FT, values are the same. We denote this 
relation by ~,. The relation can be extended to contexts by saying that two 
contexts p, q are ~, equivalent if for every nonempty forest t, the forests pt 
and qt are ~y equivalent. 


Lemma 5.5. The relation ~, is a congruence of the free forest algebra A^. 


Proof. It is clear that ~, is an equivalence relation on forests and contexts. 
We need to show that it is a congruence. The first preparatory step is to 
show by induction on the size of a context p that for any two forests tı ~ọ t2 
we have pt; ~y pte. 

Using this we can now show that ~, preserves the action. Suppose that 
Pl ~y p2 and tı ~y t2. Then pıtı ~y pitz ~y pote; where the second 
equivalence follows directly from the definition of ~, for contexts. 

Next, we deal with monoid operations in H and V. From the definition 
it easily follows that if sı ~y tı and s2 ~y t2 then sı + s2 ~g tı + t2. For 
the contexts take pj ~y p2 and qı ~y q2. For an arbitrary tree t we have: 
gpit ~y “pet ~y q2p2t. The first equivalence follows from the property 
proved in above, as pit ~ọ pat. 

Finally, we deal with the insertion operations. Take sı ~, s2 and an 
arbitrary tree t. We have (iny(s1))t = s1 +t ~, s2 +t = (inp (s2))t. Q.E.D. 


Lemma 5.6. The quotient Aĉ / ~o is a forest algebra, and it recognizes 
L. Equations (1.1) and (1.2) are satisfied in the quotient. 


Proof. For A*/ ~y to be a forest algebra we must check if it is faithful. To 
check faithfulness take p, q which are not in ~, relation. Then there is a 
tree t such that pt £y qt which gives: [p][t] = [pt] o [at] = [a][#]. 


Forest algebras 125 


The language L is recognized by a canonical homomorphism assigning 
to each context its equivalence class, and the accepting set consisting of 
equivalence classes of trees from L. To show that it is correct we need 
to show that if two trees are equivalent then either both or none of them 
satisfies y. This follows from the observation that y is equivalent to a 
formula of the form a => y’ where y’ is a boolean combination of some 
formulas form cler(y). 

A straightforward inspection shows that the equations are satisfied. For 
example, the fact that the trees vh and h + vh have the same FT, value 
follows directly from the definition of the value. Q.E.D. 


As the syntactic algebra for L is a morphic image of any other algebra 
recognizing L (cf. Proposition 3.14), all equations satisfied in A^ / ~, must 
hold also in the syntactic algebra. 


Corollary 5.7. The syntactic algebra of an EF definable forest language 
satisfies the equations (1.1) and (1.2). 


5.3 Completeness 


In this section we show that if a forest algebra satisfies the two EF equations, 
then every forest language recognized by this algebra can be defined in EF. 
This gives the desired result, since the syntactic algebra of L recognizes L. 

From now on we fix a forest algebra (H,V) that recognizes a forest 
language L via a morphism 


(a, B) : Aĉ > (H,V). 


We assume that the forest algebra (H, V) satisfies the two EF equations (1.1) 
and (1.2). We shall show that L can be defined using an EF formula. 
We first show that the EF equations imply two other properties: 


h=h+h (1.3) 
w(vw)” = (vw)” . (1.4) 


These state idempotency of the horizontal monoid, and L-triviality of the 
vertical monoid, respectively. We need to explain the w notation, though. 
In each finite semigroup (and hence in each monoid) S, there is a power 
n € N such that all elements s € S satisfy s” = s"s”". We refer to this 
power as w, and use it in equations. In particular, every finite semigroup 
satisfies the equation: s” = s”s”. The reader is advised to substitute “a 
very large power” for the term w when reading the equations. 

The idempotency of the horizontal monoid follows directly from the 
equation vh = h + vh, by taking v to be the neutral element of the vertical 
monoid. Observe that we always have 1h = h, as h = u0 for some u and then 
1(u0) = (1u)0 = u0. The proof for the other equation is more complicated. 
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Lemma 5.8. For each v, w € V, we have w(vw)” = (vw)” 


Proof. First we show that the EF equations imply aperiodicity for the con- 
text monoid: 
vy? = vu" 


Indeed, by applying the first equation repeatedly to v’v”, we obtain: 
ve = veut =v + vv® vvv” ++ + Pu” 
Likewise for vv’ v": 
vv? = vv" v® = yy” + vvv” + vuvv® + +++ + uP? + vvt” 


If we cancel out vv’v” = vv’, and use idempotency and commutativity of 
H, we obtain the desired equality v” = vv". 
We now proceed to show the statement of the lemma. 


w(uw)” = (vw)? + w(vw)® = vw(vw)? + w(uw)” = vw(uw)” = (vw)” . 


In the first and third equation we use vh = h+ vh, while in the second and 
fourth we use aperiodicity. Q.E.D. 


The main idea of the proof is to do an induction with respect to what 
forests can be found inside other forests. Given g,h € H, we write g < h 
there is some context u € V such that h = ug. We write g ~ h if < holds 
both ways. Here are three simple properties of these relations. The first is 
a direct consequence of the second EF equation. The other two require a 
short calculation. 


Lemma 5.9. Ifg<htheng+h=h. 
Lemma 5.10. If g~ h then g = h. In particular, < is a partial order. 


Proof. Assume that g Æ h. If g ~ h then there are contexts v, w such that 
h = wg and g = vh. Iterating this process w-times we obtain 


h = wvh = (wv)?h 
But then, by applying Lemma 5.8, we get 
h=(wv)*h=v(wv)"h=Qg. 
Q.E.D. 


Lemma 5.11. If gı < hy and g2 < he then gı + g2 < hi + ho. 
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Proof. By assumption hı = v1gı and hg = vag. Then, by using commuta- 
tivity of H and equation (1.2), we get 


hy + h2 =vigi + V292 = V191 + gı + V292 + 92 È 94+ 92 - 


The last inequality is a consequence of the property g+ h > g which follows 
from the definition of the order as g + h = (1 + h)g. Q.E.D. 


The next proposition is the main induction in the completeness proof: 


Proposition 5.12. For every h € H, there is an EF formula pp such that 
for every forest t and letter a we have 


atE yn iff a(t)h=h. 


Proof. The proof is by induction on the depth of h in the order <, i.e. on 
the number of f satisfying f < h (as usual, < denotes the strict version of 
<). 

Consider first the base case, when h is minimal for <; which by the way 
implies that h = 0 is the identity of the horizontal monoid. How can a 
forest t satisfy a(t) = h? All leaves need to have labels a € A satisfying 
a(a) = h; this can be easily tested in EF. Second, all internal nodes need to 
have labels a € A satisfying a(a)h = h; this can also be tested in EF. These 
conditions are clearly necessary, but thanks to idempotency h+ h = h, they 
are also sufficient. It remains to say how these conditions can be expressed 
in EF. The formula Jtt says that a node has a proper subtree, i.e., that a 
node is an internal node. So, the formula Apep ~3b A^ Jtt expresses the fact 
that no internal node has the label from a set B. Similarly one can say that 
no leaf has a label form B. 

We now proceed with the induction step. We take some h € H and 
assume that the proposition is true for all f < h. We claim that a forest t 
satisfies a(t) = h iff the following three conditions hold: 


e The forest t contains a witness. There are two types of witness. The 
first type, is a forest of a form sı + s2 with a(s1) + a(s2) = h but 
a(sı),a(s2) < h. The second type is a tree of the form as, with 
a(s) < hand B(aja(s) = h. 


e For all subtrees as of t with s containing a witness, 3(a)(h) = h holds. 


e For all subtrees as of t with a(s) < h we have 3(a)a(s) < h; moreover, 
for all subtrees sı and s2 of t, with a(s1) < h and a(s2) < h we have 
a(sy + s2) < h. 
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These conditions can be easily written in EF using formulas yy for all f < h. 
So it remains to show that they are equivalent to a(t) = h. 

Suppose that the three conditions hold. By the first condition a(t) > h. 
If a(t) were strictly greater than h then there would be a minimal size 
subtree s of t with a(s) £ h. It cannot be of the form sı + s2 because, by 
Lemma 5.11, if a(s1),a(s2) < h then a(s1) + a(s2) < h. So this minimal 
tree should be of the form as. It cannot be the case that a(s) = h because 
of the second property. If a(s) < h then the third property guarantees 
B(a)a(s) < h, a contradiction. 

Suppose now that a(t) = h. It is clear that a minimal subtree of t which 
has the value h is a witness tree satisfying the first property. The second 
property is obvious. Regarding the third property, it is also clear that for 
every subtree of the form as if a(s) < h then G(a)a(s) < h. It remains 
to check that for every two subtrees s1, s2 with a(s1),a(s2) < h we have 
a(s1) + a(s2) < h. Take two such subtrees and a minimal tree containing 
both of them. If it is, say so, then a(s1) < a(s2) and a(s,) + a(se) = 
a(s2) < h. Otherwise, sı and sz are disjoint, and the minimal subtree has 
the form b(t; + t2 + t3) with tı containing sı, and t2 containing s2 (due to 
commutativity, the order of siblings does not matter). Now we have a(s1) < 
a(tı) and a(s2) < a(t2) which gives a(s1 + s2) < a(tı + t2) < a(t) = h by 
Lemma 5.11. Q.E.D. 


6 Conclusions and future work 


This work is motivated by decidability problems for tree logics. As men- 
tioned in the introduction, surprisingly little is known about this subject. 
We hope that this paper represents an advance, if only by making more 
explicit the algebraic questions that are behind these problems. Below we 
discuss some possibilities for future work. 

Wherever there is an algebraic structure for recognizing languages, there 
is an Eilenberg theorem. This theorem gives a bijective mapping between 
classes of languages with good closure properties (language varieties) and 
classes of monoids with good closure properties (monoid varieties). It would 
be interesting to see how this extends to trees, i.e. study varieties forest al- 
gebras. Indeed, we have used equations to characterize EF, in particular the 
appropriate class of forest algebras will satisfy all closure properties usually 
required of a variety. The next step is to a develop variety theory, and check 
what classes of forest algebras can be defined using equations. Under a cer- 
tain definition, it can be shown that first-order definable languages form a 
variety, so does CTL*, and chain logic. There are also logics that do not 
correspond to varieties; we have given EF* as an example. This situation is 
well known in the word case: for some logics one needs to work in monoids, 
for others in semigroups. In the case of trees the choice is bigger. For exam- 
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ple, a characterization of EF* requires to forbid contexts consisting of just 
a hole. Another example is a characterization of first-order logic with two 
variables [4] where the empty tree is excluded. 

A related topic concerns C-varieties [16]. This is a notion from semigroup 
theory, which — among others — does away with the tedious distinction 
between semigroup and monoid varieties. It would be interesting to unify 
the variants mentioned above in a notion of C-variety of forest algebras. 

There are of course classes of tree languages — perhaps even more so 
in trees than words — that are not closed under boolean operations: take 
for instance languages defined by deterministic top down automata, or 41 
definable languages presented here. In the case of words, ordered semigroups 
extend the algebraic approach to such classes. It would be interesting to 
develop a similar concept of ordered forest algebras. 

The logics considered in this paper cannot refer to the order on siblings 
in a tree. It would be worthwhile to find correct equations for logics with 
the order relation on siblings. It is also not clear how to cope with trees of 
bounded branching. One can also ask what is the right concept of forest 
algebras for languages of infinite trees. 
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Abstract 


This paper is a survey on the algebraic approach to the theory 
of automata accepting infinite words. We discuss the various ac- 
ceptance modes (Biichi automata, Muller automata, transition au- 
tomata, weak recognition by a finite semigroup, w-semigroups) and 
prove their equivalence. We also give two algebraic proofs of Mc- 
Naughton’s theorem on the equivalence between Büchi and Muller 
automata. Finally, we present some recent work on prophetic au- 
tomata and discuss its extension to transfinite words. 


1 Introduction 


Among the many research contributions of Wolfgang Thomas, those regard- 
ing automata on infinite words and more generally, on infinite objects, have 
been highly inspiring to the authors. In particular, we should like to empha- 
size the historical importance of his early papers [33, 34, 35], his illuminating 
surveys [36, 37] and the Lecture Notes volume on games and automata [15]. 

Besides being a source of inspiration, Wolfgang always had nice words 
for our own research on the algebraic approach to automata theory. This 
survey, which presents this theory for infinite words, owes much to his en- 
couragement. 

Biichi has extended the classical theory of languages to infinite words in- 
stead of finite ones. Most notions and results known for finite words extend 
to infinite words, often at the price of more difficult proofs. For example, 


Jörg Flum, Erich Grädel, Thomas Wilke (eds.). Logic and Automata: History and Perspec- 
tives. Texts in Logic and Games 2, Amsterdam University Press 2007, pp. 133-167. 
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proving that rational languages are closed under Boolean operations be- 
comes, in the infinite case, a delicate result, the proof of which makes use 
of Ramsey theorem. In the same way, the determinization of automata, an 
easy algorithm on finite words, turns to a difficult theorem in the infinite 
case. 

Not surprisingly, the same kind of obstacle occurred in the algebraic ap- 
proach to automata theory. It was soon recognized that finite automata are 
closely linked with finite semigroups, thus giving an algebraic counterpart 
of the definition of recognizability by finite automata. In this setting, every 
rational language X of A* is recognized by a morphism from A* onto a 
finite semigroup. There is also a minimal semigroup recognizing X, called 
the syntactic semigroup of X. The success of the algebraic approach for 
studying regular languages was already firmly established by the end of the 
seventies, but it took another ten years to find the appropriate framework 
for infinite words. Semigroups are replaced by w-semigroups, which are, 
roughly speaking, semigroups equipped with an infinite product. In this 
new setting, the definitions of recognizable sets of infinite words and of syn- 
tactic congruence become natural and most results valid for finite words can 
be adapted to infinite words. Carrying on the work of Arnold [1], Pécuchet 
[21, 20] and the second author [22, 23] , Wilke [38, 39] has pushed the anal- 
ogy with the theory for finite words sufficiently far to obtain a counterpart 
of Eilenberg’s variety theorem for finite or infinite words. This theory was 
further extended by using ordered w-semigroups [26, 24]. Notwithstand- 
ing the importance of the variety theory, we do not cover it in this article 
but rather choose to present some applications of the algebraic approach to 
automata theory. The first nontrivial application is the construction of a 
Muller automaton, given a finite semigroup weakly recognizing a language. 
The second one is a purely algebraic proof of the theorem of McNaughton 
stating that any recognizable subset of infinite words is a Boolean combina- 
tion of deterministic recognizable sets. The third one deals with prophetic 
automata, a subclass of Büchi automata in which any infinite word is the 
label of exactly one final path. The main result states that these automata 
are equivalent to Btichi automata. We show, however, that this result does 
not extend to words indexed by ordinals. 

Our paper has the character of a survey. For the reader’s convenience 
it reproduces some of the material published in the book Semigroups and 
automata on infinite words [25], which owes a debt of gratitude to Wolfgang 
Thomas. Proofs are often only sketched in the present paper, but complete 
proofs can be found in [25]. Other surveys on automata and infinite words 
include [23, 24, 36, 37, 32]. 

Our article is divided into seven sections. Automata on infinite words 
are introduced in Section 2. Algebraic recognition modes are discussed in 
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Section 3. The syntactic congruence is defined in Section 4. In Section 5, 
we show that all recognition modes defined so far are equivalent. Sections 
6 and 7 illustrate the power of the algebraic approach. In Section 6, we 
give an algebraic proof of McNaughton’s theorem. Section 7 is devoted to 
prophetic automata. 


2 Automata 


Let A be an alphabet. We denote by At, A* and A”, respectively, the sets 
of nonempty finite words, finite words and infinite words on the alphabet 
A. We also denote by A® the set A* U AY of finite or infinite words on A. 
By definition, an w-rational subset of A“ is a finite union of sets of the form 
XY” where X and Y are rational subsets of A*. 

An automaton is given by a finite alphabet A, a finite set of states Q 
and a subset E of Q x A x Q, called the set of edges or transitions. Two 
transitions (p, a, q) and (p’, a’, q’) are called consecutive if q = p’. An infinite 
path in the automaton A is an infinite sequence p of consecutive transitions 


p: p = q >g 


The state qo is the origin of the infinite path and the infinite word aga, --- 
is its label. We say that the path p passes infinitely often through a state q 
(or that p visits q infinitely often, or yet that q is infinitely repeated in p) if 
there are infinitely many integers n such that qn = q. The set of infinitely 
repeated states in p is denoted by Inf(p). 

An automaton A = (Q, A, E) is said to have deterministic transitions, 
if, for every state q € Q and every letter a € A, there is at most one state q’ 
such that (q,a,q’) is a transition. It is deterministic if it has deterministic 
transitions and if J is a singleton. Dually, A has complete transitions if, for 
every state q E€ Q and every letter a € A, there is at least one state q’ such 
that (q,a,q’) is a transition. 

Acceptance modes are usually defined by specifying a set of successful 
finite or infinite paths. This gives rise to different types of automata. We 
shall only recall here the definition of two classes: the Biichi automata and 
the Muller automata. 


2.1 Biichi automata 


In the model introduced by Biichi, one is given a set of initial states I and 
a set of final states F. Here are the precise definitions. 

Let A = (Q, A, E, I, F) be a Biichi automaton. We say that an infinite 
path in A is initial if its origin is in J and final if it visits F infinitely often. 
It is successful if it is initial and final. The set of infinite words recognized 
by A is the set, denoted by L” (A), of labels of infinite successful paths in 
A. It is also the set of labels of infinite initial paths p in A and such that 
Inf(p)N F # Ø. 


136 O. Carton, D. Perrin, J.-E. Pin 


By definition, a set of infinite words is recognizable if it is recognized by 
some finite Büchi automaton. Biichi has shown that Kleene’s theorem on 
regular languages extends to infinite words. 


Theorem 2.1. A set of infinite words is recognizable if and only if it is 
w-rational. 


The notion of trim automaton can also be adapted to the case of infinite 
words. A state q is called accessible if there is a (possibly empty) finite 
initial path in A ending in q. A state q is called coaccessible if there exists 
an infinite final path starting at q. Finally, A is trim if all its states are 
both accessible and coaccessible. 

It is easy to see that every Butchi automaton is equivalent to a trim 
Buchi automaton. For this reason, we shall assume that all the automata 
considered in this paper are trim. 

So far, extending automata theory to infinite words did not raise any 
insuperable problems. However, it starts getting harder when it comes to 
determinism. 

The description of the subsets of A” recognized by deterministic Biichi 
automata involves a new operator. For a subset L of A%*, let 


t= {u € A” | u has infinitely many prefixes in L}. 


Example 2.2. 
(a) If L=a*b, then L = Ø. 
(b) If L= (ab)*, then L = (ab). 
(c) If L = (a*b)* = (a + b)*b, that is if L is the set of words ending 
with b, then re (a*b)”, which is the set of infinite words containing 
infinitely many occurrences of b. 


The following example shows that not every set of words can be written in 
— 
the form L. 


Example 2.3. The set X = (a + b)*a” of words with a finite number of 
occurrences of b is not of the form L. Otherwise, the word ba” would have a 
prefix wu; = ba”! in L, the word ba™' ba” would have a prefix uz = ba” ba”? 
in L, etc. and the infinite word u = ba”! ba™ba™ --- would have an infinity 
of prefixes in L and hence would be in T: This is impossible, since u 
contains infinitely many b’s. 


A set of infinite words which can be recognized by a deterministic Büchi 
automaton is called deterministic. 


Theorem 2.4. A subset X of A” is deterministic if and only if there exists 
— 
a recognizable set L of At such that X = L. 
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2.2 Muller automata 


Contrary to the case of finite words, deterministic Btichi automata fail to 
recognize all recognizable sets of infinite words. This is the motivation for 
introducing Muller automata which are also deterministic, but have a more 
powerful acceptance mode. In this model, an infinite path p is final if the 
set Inf(p) belongs to a prescribed set T of sets of states. The definition of 
initial and successful paths are unchanged. 

A Muller automaton is a 5-tuple A = (Q, A, E,i, T) where (Q, A, E) is 
a deterministic automaton, i is the initial state and 7 is a set of subsets 
of Q, called the table of states of the automaton. The set of infinite words 
recognized by A is the set, denoted by L” (A), of labels of infinite successful 
paths in A. 

A fundamental result, due to R. McNaughton [18], states that any Biichi 
automaton is equivalent to a Muller automaton. 


Theorem 2.5. Any recognizable set of infinite words can be recognized by 
a Muller automaton. 


This implies in particular that recognizable sets of infinite words are 
closed under complementation, a result proved for the first time by Büchi 
in a direct way. 


2.3 Transition automata 


It is sometimes convenient to use a variant of automata in which a set of 
final transitions is specified, instead of the usual set of final states. This 
idea can be applied to all variants of automata. 

Formally, a Büchi transition automaton is a 5-tuple A = (Q, A, E, I, F) 
where (Q, A, E) is an automaton, I C Q is the set of initial states and 
F C E is the set of final transitions. If p is an infinite path, we denote by 
Infr(p) the set of transitions through which p goes infinitely often. A path 
p is final if it goes through F infinitely often, that is, if Infr(p)N F 4 Ø. 

Similarly, a transition Muller automaton is a 5-tuple A = (Q, A, E,I,T) 
where (Q, A, E) is a finite deterministic automaton, å is the initial state and 
T is a set of subsets of E, called the table of transitions of the automaton. 
A path is final if Infr(p) € T, that is, if the set of transitions occurring 
infinitely often in p is an element of the table. 


Proposition 2.6. 
(1) Büchi automata and transition Biichi automata are equivalent. 
(2) Muller automata and transition Muller automata are equivalent. 


3 Algebraic recognition modes 


In this section, we give an historical survey on the various algebraic notions 
of recognizability that have been considered. The two earlier ones, weak and 
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strong recognition, are now superseded by the notions of w-semigroupsand 
Wilke algebras. 

Recall that a semigroup is a set equipped with an associative operation 
which does not necessarily admit an identity. If S is a semigroup, S! denotes 
the monoid equal to S if S is a monoid, and to SU {1} if S is not a monoid. 
In the latter case, the operation of S' is completed by the rules 1s = s1 = s 
for each s € S1. An element e of S is idempotent if e? = e. 

The preorder <p is defined on S by setting s <p s’ if there exists t € 91 
such that s = s't. We also write s R s' ifs <p s' ands’ SR s and s <r 3’ 
ifs <p s’ and s’ <r s. The equivalence classes of the relation R are called 
the R-classes of S. 


3.1 Weak recognition 


The early attempts aimed at understanding the behaviour of a semigroup 
morphism from At onto a finite semigroup. The key result is a consequence 
of Ramsey’s theorem in combinatorics, which involves the notion of a linked 
pair: a linked pair of a finite semigroup S is a pair (s,e) of elements of S$ 
satisfying se = s and e? =e. 


Theorem 3.1. Let p : At — S be a morphism from A* into a finite 
semigroup S. For each infinite word u € A”, there exist a linked pair (s, e) 
of S and a factorization u = ugu- of u as a product of words of At such 
that y(uo) = s and y(un) = e for all n > 0. 


Theorem 3.1 is frequently used in a slightly different form: 


Proposition 3.2. Let y : At — S be a morphism from At into a fi- 
nite semigroup S. Let u be an infinite word of A”, and let u = uou,... 
be a factorisation of u in words of At. Then there exist a linked pair 
(s,e) of S and a strictly increasing sequence of integers (kn)n>0 such that 
puou: Uky—1) = S and plug, Uk, +1°**Ukngi—1) = € for every n > 0. 


Theorem 3.1 lead to the first attempt to extend the notion of rec- 
ognizable sets. Let us call y-simple a set of infinite words of the form 
y*(s) (p-t(e))”, where (s,e) is a linked pair of S. Then we say that a 
subset of A” is weakly recognized by ọ if it is a finite union of y-simple 
subsets. The following result justifies the term “recognized”. 


Proposition 3.3. A set of infinite words is recognizable if and only if it is 
weakly recognized by some morphism onto a finite semigroup. 


However, the notion of weak recognition has several drawbacks: there is 
no natural notion of syntactic semigroup, dealing with complementation is 
uneasy and more generally, the algebraic tools that were present in the case 
of finite words are missing. 
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3.2 Strong recognition 


This notion emerged as an attempt to obtain an algebraic proof of the 
closure of recognizable sets of infinite words under complement. 

Let y : At — S bea morphism from A? into a finite semigroup S. Then 
y strongly recognizes (or saturates) a subset X of A” if all the y-simple sets 
have a trivial intersection with X, that is, for each linked pair (s,e) of S, 


p(s) (97 (e))? NX = g or p(s) (p (e))? CX 


Theorem 3.1 shows that A” is a finite union of -simple sets. It follows 
that if a morphism strongly recognizes a set of infinite words, then it also 
weakly recognizes it. Furthermore, Proposition 3.3 can be improved. 


Proposition 3.4. A set of infinite words is recognizable if and only if it is 
strongly recognized by some morphism onto a finite semigroup. 


The proof relies on a construction which is interesting on its own right. 
Given a semigroup S, we define a new semigroup 


T={(§2)| s€S, P is a subset of S x S} 


with multiplication defined by 
(Eee) = (0s) 
where sQ = {(sq1, 92) | (41,42) E€ Q} and Pt = {(p1,pat) | (p1, p2) € P}. 


Let now y be a morphism from At onto S. Then one can show that the 
map w: At — T defined by 


vu) = (PP 20.) with rfu) = {(g (en), plua) | u = uua} 


is a semigroup morphism and that any set of infinite words weakly recog- 
nized by y is strongly recognized by w. 


Proposition 3.4 leads to a simple proof of Biichi’s complementation theorem. 


Corollary 3.5. Recognizable sets of infinite words are closed under com- 
plement. 


Proof. Indeed, if a morphism strongly recognizes a set of infinite words, it 
also recognizes its complement. Q.E.D. 
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3.3 w-semigroups and Wilke algebras 


Although strong recognition constituted an improvement over weak recogni- 
tion, there were still obstacles to extend to infinite words Eilenberg’s variety 
theorem, which gives a correspondence between recognizable sets and finite 
semigroups. The solution was found by Wilke [38] and reformulated in 
slightly different terms by the two last authors in [24]. The idea is to use 
an algebraic structure, called an w-semigroup, which is a sort of semigroup 
in which infinite products are defined. This structure was actually implicit 
in the original construction of Biichi to recognize the complement [7]. 
3.3.1 w-semigroups 
An w-semigroup is a two-sorted algebra S = (S4, Sw) equipped with the 
following operations: 

(a) A binary operation defined on S4} and denoted multiplicatively, 

(b) A mapping S4 x Sw > Sw, called mixed product, that associates with 

each pair (s,t) E€ S4 x Sù an element of Su denoted st, 

(c) A surjective mapping 7: SY — Sw, called infinite product 
These three operations satisfy the following properties: 

(1) S4, equipped with the binary operation, is a semigroup, 

(2) for every s,t € S4 and for every u € Sw, s(tu) = (st)u, 

(3) for every increasing sequence (kn)n>o and for every sequence (5n)n>0 

of elements of S4, 


T8081 1t Sky—-1, $k, Ski41 ``’ Sko-1; -- .) = (So, $1, 52,-- .) 
(4) for every s € S4 and for every sequence (Sn)n>0 of elements of S4, 
81 (80, $1, $2,.--) = T(S, S0, $1, $2,---) 


These conditions can be thought of as an extension of associativity. In 
particular, conditions (3) and (4) show that one can replace 7(5o, $1, $2,...) 
by s98152:-- without ambiguity. We shall use this simplified notation in 
the sequel. 


Example 3.6. 

(1) We denote by A® the w-semigroup (At, A”) equipped with the usual 
concatenation product. One can show that A% is the free w-semigroup 
generated by A. 

(2) The trivial w-semigroup is the w-semigroup 1 = ({1}, {a}), obtained 
by equipping the trivial semigroup {1} with an infinite product: the 
unique way is to declare that every infinite product is equal to a. 

(3) Consider the w-semigroup S = ({0,1}, {a}) defined as follows: every 
infinite product is equal to a and every finite product 5951... is 
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equal to 0 except if all the s;’s are equal to 1. In particular, the 
elements 0 and 1 are idempotents and thus, for all n > 0, 1” 4 0”. 
Nevertheless 1” = 0% = a. 


These examples, especially the third one, make apparent an algorithmic 
problem. Even if the sets S4 and Sæ are finite, the infinite product is still 
an operation of infinite arity and it is not clear how to define it as a finite 
object. The problem was solved by Wilke [38], who proved that finite w- 
semigroups are totally determined by only three operations of finite arity. 
This leads to the notion of Wilke algebras, that we now define. 


3.3.2 Wilke Algebras 
A Wilke algebra is a two-sorted algebra S = (S4, Sw), equipped with the 
following operations: 

(1) an associative product on S4, 

(2) a mixed product, which maps each pair (s,t) € S4 x Sù onto an 
element of Su denoted by st, such that, for every s,t € S; and for 
every u E€ Sw, s(tu) = (st)u, 

(3) a map from S4 in Sw, denoted by s — s* satisfying, for each s, t € S4, 


s(ts)® = (st)” 
(s")* = s” for each n > 0 


and such that every element of Sy can be written as st” with s,t € S4. 
Wilke’s theorem states the equivalence between finite Wilke algebra and 

finite w-semigroup. A consequence is that for a finite w-semigroup, any 

infinite product is equal to an element of the form st”, with s,t € S4. 


Theorem 3.7. Every finite Wilke algebra S = (S4, Sw) can be equipped, 
in a unique way, with a structure of w-semigroup that inherits the given 
mixed product and such that, for each s € S4, the infinite product sss--- 
is equal to s“. 


We still need to define morphisms for these algebras. We shall just give 
the definition for w-semigroups, but the definition for Wilke algebras would 
be similar. 


3.3.3 Morphisms of w-semigroups 

As w-semigroups are two-sorted algebras, morphisms are defined as pairs 
of morphisms. Given two w-semigroups S = (S4, Sw) and T = (T}, Tu), a 
morphism of w-semigroups S is a pair p = (y+, w) consisting of a semi- 
group morphism y+ : S+ — T, and of a mapping Yw : Sw — Tu preserving 
the infinite product: for every sequence (Sn)nen of elements of S4, 


Pu (s08182°*+) = 94(S0)~+(51) p+ (S2) °° 
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It is an easy exercise to verify that these conditions imply that y also pre- 
serves the mixed product, that is, for all s € S4, and for each t € Sw, 


p+(s)pu(t) = pu (st) 


Algebraic concepts like isomorphism, w-subsemigroup, congruence, quo- 
tient, division are easily adapted from semigroups to w-semigroups. We 
are now ready for our algebraic version of recognizability. 


3.3.4 Recognition by morphism of w-semigroups. 

In the context of w-semigroups, it is more natural to define recognizable 
subsets of A®, although we shall mainly use this definition for subsets of 
A“. This global point of view has been confirmed to be the right one in 
the study of words indexed by ordinals or by linear orders [3, 4, 5, 6, 28]. 
Thus a subset X of A% is split into two components X, = X N A* and 
Xy = XN AY. 

Let S = (S4, Sw) be a finite w-semigroup, and let p : A® — S bea 
morphism. We say that y recognizes a subset X of A if there exist a pair 
P = (P,,P,,) with P} C S} and P, C Su such that X} = y} (P+) and 
Xou = v,'(P.). In the sequel, we shall often omit the subscripts and simply 
write X = y~!(P). It is time again to justify our terminology by a theorem, 
whose proof will be given in Section 5. 


Theorem 3.8. A set of infinite words is recognizable if and only if it is 
recognized by some morphism onto a finite w-semigroup. 


Example 3.9. Let A = {a,b}, and consider the w-semigroup 


S = ({1,0}, {1°,0°}) 


equipped with the operations 11 = 1, 10 = 01 = 00 = 0, 11% = 1%, 
10% = 00" = 01% = 0%. Let y: AY — S be the morphism of w-semigroups 
defined by y(a) = 1 and y(b) = 0. We have 


od) =a" (finite words containing no occurrence of b), 

y (0) = A*bA* (finite words containing at least one occurrence of b), 
or?) = a” (infinite words containing no occurrence of b), 
yp '(0%) = A“ \ a” (infinite words containing at least one occurrence of b), 


The morphism y recognizes each of these sets, as well as any union of these 
sets. 


Example 3.10. Let us take the same w-semigroup S and consider the 
morphism of w-semigroups y : AY — S defined by y(a) = s for each a € A. 
We have y-1!(s) = At, yp} (t) = Ø and »!(u) = AY. Thus the morphism 
y recognizes the empty set and the sets At, AY and A®™. 
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Example 3.11. Let A = {a,b}, and consider the w-semigroup 


S= ({a, b}, {a”, b*}) 
equipped with the following operations: 


aa=a ab=a aa” = a” ab” S 


ba = b bb = b ba” = b” bb” = b” 


The morphism of w-semigroups y : AP — S defined by y(a) = a and 
p(b) = b recognizes aA“ since we have y~!(a”) = aA“. 


Boolean operations can be easily translated in terms of morphisms. Let 
us start with a result which allows us to treat separately, the subsets of A+ 
and those of Aw. 


Proposition 3.12. Let y be a morphism of w-semigroups recognizing a 
subset X of A%. Then the subsets X4, Xu, X+ U AY and At U Xu are also 
recognized by y. 


We now consider the complement. 


Proposition 3.13. Let y be a morphism of w-semigroups recognizing a 
subset X of A” (resp. A}, Aw). Then ọ also recognizes the complement 
of X in A® (resp. A4, Aw). 


For union and intersection, we have the following results. 


Proposition 3.14. Let (y;)ier : A” — Si be a family of surjective mor- 
phisms recognizing a subset X; of A°%. Then the subsets Uj-- Xi and 
Nicer Xi are recognized by an w-subsemigroup of the product J J;e p Si- 


In the same spirit, the following properties hold: 


Proposition 3.15. Let a: A® — B® be a morphism of w-semigroups 
and let p be a morphism of w-semigroups recognizing a subset X of B”. 
Then the morphism ¢ o a recognizes the set a~'(X). 


4 Syntactic congruence 


The definition of the syntactic congruence of a recognizable subset of infinite 
words is due to Arnold [1]. It was then adapted to the context of w-semi- 
groups. Therefore, this definition can be given for recognizable subsets of 
A™, but we restrict ourself to the case of subsets of A”. 

The syntactic congruence of a recognizable subset of A” is defined on 
At by u ~y v if and only if, for each 2, y € A* and for each z € AF, 


auyz” € X => rvyz” € X 


x(uy)” € X => r(vy)” € X (ft) 
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and on A” by u ~y v if and only if, for each x € A*, 
zu E X 4> rww E X (4.2) 


The syntactic w-semigroup of X is the quotient of A® by the syntactic 
congruence of X. 


Example 4.1. Let A = {a,b} and X = {a”}. The syntactic congruence 
of X divides At into two classes: at and A*bA* and A“ into two classes 
also: A*bAY and a”. The syntactic w-semigroup of X is the four element 
w-semigroup of Example 3.9. 


Example 4.2. Let A = {a,b} and let X = aA”. The syntactic w-semi- 
group of X is the w-semigroup of Example 3.11. 


Example 4.3. When X is not recognizable, the equivalence relation ~ 
defined on At by (4.1) and on A” by (4.2) is not in general a congruence. 
For instance, let A = {a,b} and X = {ba'ba?ba?b--- }. We have, for each 
n > 0, b ~y ba”, but nevertheless ba'ba?ba?b--- is not equivalent to b” 
since batba*ba3b---€ X but bY ¢ X. 


Example 4.4. Let X = (a{b,c}* U {b})”. We shall compute in Example 
5.3 an w-semigroup S recognizing this set. One can show that its syntac- 
tic w-semigroup is S(X) = ({a, b,c, ca}, {a”, c, (ca)”}), presented by the 
relations 


a=a ab=a ac=a ba=a b =b 
be=c ch=c C=c bY = a” ba” = a” 


ac’ =c” ca” =(ca)” a(ca)* =a” b(ca)® = (ca)” c(ca)” = (ca)” 


The syntactic w-semigroup is the least w-semigroup recognizing a recogniz- 
able set. More precisely, we have the following statement: 


Proposition 4.5. Let X be a recognizable subset of A®. An w-semigroup 
S recognizes X if and only if the syntactic w-semigroup of X is a quotient 
of S. 


Note in particular that, if u ~x v for two words u,v of At, then, for all 
xz € A* and z € A” 
cuz E€ X 4> tvz E X (4.3) 


Indeed, if y : A — S denotes the syntactic morphism of X, the condition 
u ~y v implies y(u) = (v). It follows that y(xuz) = p(xvz), which gives 
(4.3). 
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5 Conversions from one acceptance mode into one 
another 


In this section, we explain how to convert the various acceptance modes one 
into one another. We have already seen how to pass from weak to strong 
recognition by a finite semigroup. We shall now describe, in order, the 
conversions form weak recognition to Büchi automata, from Biichi automata 
to w-semigroups, from strong recognition to w-semigroups and finally from 
weak recognition to Muller automata. 


5.1 From weak recognition to Biichi automata 


Let y: At — S be a morphism from At onto a finite semigroup S. First 
observe that, given Büchi automata Aj, ..., An, their disjoint union recog- 
nizes the set LY’(A,)U...UL”(A,). Therefore, we may suppose that X is 
a y-simple set of infinite words, say X = y~'(s)(y~*(e))” for some linked 
pair (s,e) of S. We construct a nondeterministic Biichi automaton A that 
accepts X as follows. The set Q of states of A is the set S? = SU {f} 
where f is a new neutral element added to S even if S has already one. 
The product of S is thus extended to S7 by setting tf = ft = t for any 
t € S!. The initial state of A is s and the unique final state is f. The set 
of transitions is 


E={y(a)t = t|a € AandtEe Q} 
U{f = t|ac€A,tEQ and y(a)t = e}. 


Let t € S. It is easily proved that a word w satisfies p(w) = t if and only 
if it labels a path from t to f visiting f only at the end. It follows that w 
labels a path from f to f if and only if y(w) = e and thus A accepts X. 

The previous construction has one main drawback. The transition semi- 
group of the automaton A may not belong to the variety of finite semigroups 
generated by S, as shown by the following example. 


Example 5.1. Let S be the semigroup {0, 1} endowed with the usual mul- 
tiplication. Let A be the alphabet {a,b} and y: At — S be the morphism 
defined by y(a) = 0 and (b) = 1. Let (s,e) be the pair (0,0). The set 
yp '(s)(y-*(e))” is thus equal to (b*a)”. The automaton A obtained with 
the previous construction is pictured in Figure 1. The semigroup S is com- 
mutative but the transition semigroup of A is not. Indeed, there is a path 
from 1 to 0 labeled by ba but there is no path from 1 to 0 labeled by ab. 


In order to solve this problem, Pécuchet [21] proposed the following 
construction, which is quite similar to the previous one but has better prop- 
erties. The set of states of the automaton is still the set S? = SU{f}. The 
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FIGURE 1. The automaton A. 


initial state is s and the unique final state is f. The set E of transitions is 
modified as follows: 


E={t'4t|acA,t,t' €Q and (t = y(a)t or t'e = y(a)t)} 


The automaton 6 obtained with this construction is pictured in Figure 2. 
It can be proved that for any states t and t’, there is a path from t to t 


a 


FIGURE 2. The automaton B. 


labeled by w if and only if t = y(w)t or t'e = y(w)t. It follows that if two 
words w and w’ satisfy p(w) = y(w’), there is path from t to t labeled 
by w if and only if there is path from t’ to t labeled by w’. This means that 
the transition semigroup of the automaton 6 divides the semigroup S and 
hence belongs to the variety of finite semigroups generated by S. 
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5.2 From Biichi automata to w-semigroups 
Let A = (Q, A, E,I, F) be a Biichi automaton recognizing a subset X of 
A“. The idea is the following. Given a finite word u and two states p and 
q, we define a multiplicity expressing the following possibilities for the set 
P of paths from p to q labeled by u: 

(1) P is empty, 

(2) P is nonempty, but contains no path visiting a final state, 

(3) P contains a path visiting a final state. 
Our construction makes use of the semiring K = {—oo,0,1} in which ad- 
dition is the maximum for the ordering —oo < 0 < 1 and multiplication, 
which extends the Boolean addition, is given in Table 1. Conditions (1), 
(2) and (3) will be encoded by —oo, 0 and 1, respectively. Formally, we 


TABLE 1. The multiplication table. 


associate with each finite word u a (Q x Q)-matrix u(u) with entries in K 
defined by 
—oo in case (1), 
L(t) p,q = 40 in case (2), 
1 in case (3) 


It is easy to see that u is a morphism from At into the multiplicative 
semigroup of Q x Q-matrices with entries in K. Let S4 = u( A+). 

The next step is to complete our structure of Wilke algebra by defining 
an appropriate set Sọ, an w-power and a mixed product. The solution 
consists in coding infinite paths by column matrices of KẸ, in such a way 
that each coefficient u(u)p codes the existence of an infinite path of label u 
starting at p. 

The usual product of matrices induces a mixed product KXQ x KÈ > 
KS. In order to define the operation w on square matrices, we need the 
following definition. Given a matrix s of S4}, we call infinite s-path starting 
at p a sequence p = po,p1,... of states such that, for all i, 8p, ,,, Æ —00. 
An s-path is said to be successful if sp, p,,, = 1 for an infinite number of 
indices 7. We define the column matrix s“ as follows. For every p € Q, 


a ‘ if there exists a successful s-path of origin p, 


—oo otherwise 
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Note that the coefficients of this matrix can be effectively computed. Indeed, 
computing sý amounts to checking the existence of circuits containing a 
given edge in a finite graph. 

Finally, Su is the set of all column matrices of the form st’, with s,t € 
S4. One can verify that S = (S4, Sw), equipped with these operations, is a 
Wilke algebra. Further, the morphism pu can be extended in a unique way 
as a morphism of w-semigroups from A% into S which recognizes the set 


L” (A). 
Example 5.2. Let A be the Biichi automaton represented in Figure 3. The 


a 


b 


FIGURE 3. A Biichi automaton. 
morphism ps: AP — S(A) is defined by the formula 
ula) = (2 7°) and p(b) = (% bo) 

The w-semigroup generated by these matrices contains five elements: 

= 0 —oo paa w —_ ({—oo w _ e 2) wi 
Ger) OS Terea en) sO ae) Pte), ae Cea) 
and is presented by the relations: 

a@=a ab=b ba=b b =b aa =a” ab =” bY =b” 


Example 5.3. Let X = (a{b,c}* U {b})”. A Büchi automaton recognizing 
X is represented in Figure 4. For this automaton, the previous computation 


FIGURE 4. An automaton. 


provides an w-semigroup with nine elements 


S = ({a, b, C, ba, ca}, {a”, bY, ce, (ca)*}) 5 
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where 
Boece) Police), PCr) ba = (41) 
ca = (“P° a) 
a” = (_&) bY = (7) c= (<8) (ca)? = (“7°) 
It is presented by the following relations: 
oe ab=a ac=a b =b be=c 
cbh=c e=c (ba)? = bY = aa” = a” ab” = a” 
ac’ = c a” =a(ca)® ba? =b”  bb® =b” bc? = c” 


b(ca)” = (ca) ca” =(ca)” (ca)? = cb” cc? =e elca)” = (ca)” 


Note that the syntactic w-semigroup S(X) of X is not equal to S. To 
compute S(X), one should first compute the image of X in S, which is 
P = {a”,b’}. Next, one should compute the syntactic congruence ~p of P 
in S, which is defined on Sy by u ~p v if and only if, for every x,y,z E€ S4 


guyz” € P= > avyz” € P 


5.4 
x(uy)” € P= > x(vy)” € P (5:4) 

and on SY” by u ~p v if and only if, for each x € S4, 
zu E€ P 4> xve P (5.5) 


Here we get a ~p ba and a” ~p b” and hence we recovered the semigroup 
S(X) = ({a,b, c, ca}, {a”, c”, (ca)*}) 
presented in Example 4.4. 


5.3 From strong recognition to w-semigroups 


It is easy to associate a Wilke algebra S = (S, Su) to a finite semigroup S. 

Let m be the exponent of S, that is, the smallest integer n such that s” 
is idempotent for every s E€ S. Two linked pairs (s,e) and (s’,e’) of S are 
said to be conjugate if there exist x,y € S! such that e = xy, e’ = yx and 
s’ = sx. These equalities also imply s = s'y (since s'y = sry = se = s), 
showing the symmetry of the definition. One can verify that the conjugacy 
relation is an equivalence relation on the set of linked pairs of S. We shall 
denote by [s, e] the conjugacy class of a linked pair (s, e). 

We take for Sw the set of conjugacy classes of the linked pairs of S. One 
can prove that the set S is equipped with a structure of Wilke algebra by 
setting, for each [s,e] E€ Su and t € S, 


t[s,e] = [ts,e] and t” = |t", t"] 
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The definition is consistent since if (s’, e’) is conjugate to (s, e), then (ts’, e”) 
is conjugate to (ts,e). It is now easy to convert strong recognition to recog- 
nition by an w-semigroup. 


Proposition 5.4. Ifa set of infinite words is strongly recognized by a finite 
semigroup S, then it is recognized by the w-semigroup S. 


5.4 From weak recognition to Muller automata 


The construction given by Le Saec, Pin and Weil [29, 16] permits to convert 
a semigroup that weakly recognizes a set of infinite words into a transition 
Muller automaton. It relies, however, on two difficult results of finite semi- 
group theory. Recall that a semigroup is idempotent if all its elements are 
idempotent and R-trivial if the condition s R t implies s = t. 

The first one is a cover theorem also proved in [29, 16]. Recall that the 
right stabilizer of an element s of a semigroup S is the set of all t € S such 
that st = s. These stabilizers are themselves semigroups, and reflect rather 
well the structure of S: if S is a group, every stabilizer is trivial, but if 
S is has a zero, the stabilizer of the zero is equal to S. Here we consider 
an intermediate case: the stabilizers are idempotent and ?-trivial, which 
amounts to saying that, for each s,t,u € S, the condition s = st = su 
implies t? = t and tut = tu. We can now state the cover theorem precisely. 


Theorem 5.5. Each finite semigroup is the quotient of a finite semigroup 
in which the right stabilizers satisfy the identities x = x? and zyz = xy. 


The second result we need is a property of path congruences due to 
I. Simon. A proof of this property can be found in [14]. Given an automaton 
A, a path congruence is an equivalence relation on the set of finite paths of 
A satisfying the following conditions: 
(1) any two equivalent paths are coterminal (that is, they have the same 
origin and the same end), 
(2) if p and q are equivalent paths, and if r, p and s are consecutive paths, 
then rps is equivalent to rqs. 


Proposition 5.6 (I. Simon). Let ~ be a path congruence such that, for 
every pair of loops p, q around the same state, p? ~ p and pq ~ qp. Then 
two coterminal paths visiting the same sets of transitions are equivalent. 


We are now ready to present our algorithm. Let X be a recognizable 
subset of A” and let y: At — S be a morphism weakly recognizing X. By 
Theorem 5.5, we may assume that the stabilizers of S satisfy the identities 
x? = x and xyx = xy. Let S! be the monoid equal to S if S is a monoid 


and to SU {1} if S is not a monoid. 
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One naturally associates a deterministic automaton (S1, A,-) to Y by 
setting, for every s € S! and every a € A 


s -a = s(a). 


Let s be a fixed state of $+. Then every word u is the label of exactly one 
path with origin s, called the path with origin s defined by u. 

Let A = (S',A,-,1,7) be the transition Muller automaton with 1 as 
initial state and such that 


T = ({Infr(u) |u € X}. 


We claim that A recognizes X. First, if u € X, then Infr(u) € T by 
definition, and thus u is recognized by A. Conversely, let u be an infinite 
word recognized by A. Then 


Infr(u) = Infr(v) =T for some v € X. 


Thus, both paths u and v visit only finitely many times transitions out of 
T. Therefore, after a certain point, every transition of u (resp. v) belongs 
to T, and every transition of T is visited infinitely often. Consequently, one 
can find two factorizations u = upujug-:: and v = vovv: and a state 
s E€ S such that 


(1) uo and vo define paths from 1 to s, 


(2) for every n > 0, un and vn define loops around s that visit at least 
once every transition in T and visit no other transition. 


The situation is summarized in Figure 5 below. Furthermore, Proposition 


U1 


FIGURE 5. 


3.2 shows that, by grouping the u,’s (resp. v;’s) together, we may assume 
that 


(ui) = (uz) = p(us) =... and (v1) = (v2) = (v3) 


It follows in particular 
ugvy E€ X (5.6) 
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since y(uo) = (vo) = s, Y(v1) = Y(vg) =... and vou v2--- € X. Further- 
more, 
weX ifandonly if uou € X (5.7) 


To simplify notation, we shall denote by the same letter a path and its label. 
We define a path equivalence ~ as follows. Two paths p and q are equivalent 
if p and q are coterminal, and if, for every nonempty path x from 1 to the 
origin of p, and for every path r from the end of p to its origin, x(pr)” € X 
if and only if x(qr)” € X. 


FIGURE 6. 


Lemma 5.7. The equivalence ~ is a path congruence such that, for every 
pair of loops p, q around the same state, p? ~ p and pq ~ qp. 


Proof. We first verify that ~ is a congruence. Suppose that p ~ q and let u 
and v be paths such that u, p and v are consecutive. Since p ~ q, p and q are 
coterminal, and thus upv and uqv are also coterminal. Furthermore, if x is a 
nonempty path from 1 to the origin of upv, and if r is a path from the end of 
upv to its origin such that x(upur)” € X, then (au)(p(uru))” € X, whence 
(xu)(q(uru))” € X since p ~ q, and thus z(uqur)® € X. Symmetrically, 
x(uqur)” € X implies z(upvr)” € X, showing that upv ~ uqv. 

Next we show that if p is a loop around s € S, then p? ~ p. Let x 
be a nonempty path from 1 to the origin of p, and let r be a path from 
the end of p to its origin. Then, since p is a loop, y(x)y(p) = (x). Now 
since the stabilisers of S are idempotent semigroups, (p) = (p?) and thus 
x(pr)” € X if and only if x(p?r)” € X since ọ recognizes X. 

Finally, we show that if p and q are loops around the same state s, then 
pq ~ qp. Let, as before, x be a nonempty path from 1 to the origin of p, 
and let r be a path from the end of p to its origin. Then r is a loop around 
s. We first observe that 


a(pq)” E€ X ==> z(qp)” € X (5.8) 


Indeed x(pq)” = xp(qp)”, and since p is a loop, y(x)y(p) = y(x). Thus 
xp(qp)” € X if and only if x(qp)” € X, then proving (5.8). Now, we have 
the following sequence of equivalences 
u(pgr)” E€ X 4> x(pqrq)” E X 4> x(rqpq)” E€ X 
<> r(rqp)” € X <=> zr(qpr)” € X, 
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where the second and fourth equivalences follow from (5.8) and the first 
and third from the identity xyz = xy satisfied by the right stabilizer of 
p(z). Q.E.D. 


We can now conclude the proof of Theorem 2.5. By assumption, the two 
loops around s defined by u; and v; visit exactly the same sets of transitions 
(namely T). Thus, by Lemma 5.7 and by Proposition 5.6, these two paths 
are equivalent. In particular, since uov¥ € X by (5.6), we have uou? € X, 
and thus u € X by (5.7). Therefore A recognizes X. 


6 An algebraic proof of McNaughton’s theorem 


McNaughton’s celebrated theorem states that any recognizable subset of 
infinite words is a Boolean combination of deterministic recognizable sets. 
This Boolean combination can be explicitly computed using w-semigroups. 
This proof relies on a few useful formulas of independent interest on deter- 
ministic sets. Note that McNaughton’s theorem can be formulated as the 
equivalence of Büchi and Muller automata. Thus the construction described 
in Section 5.4 gives an alternative proof of McNaughton’s theorem. Yet an- 
other proof is due to Safra [30]. It provides a direct construction leading to 
a reduced computational complexity. 

Let S be a finite w-semigroup and let y : A — S be a surjective 
morphism recognizing a subset X of A“. Set, for each s € S4, Xs = y7! (s). 
Finally, we denote by P the image of X in S and by F(P) the set of linked 
pairs (s,e) of S4 such that se” € P. 

For each s € S4, the set P, = Xs \ XAT is prefix-free, since a word of 
P, cannot be, by definition, prefix of another word of P,;. Put 


E, = { f € S4 | f? and sf = s} = {f € S4 | (s, F) is a linked pair}, 
and denote by < the relation on Es defined by 
g S e if and only if eg = g. 


It is the restriction to the set E, of the preorder <p, since, if g = ex then 
eg = eex = ex = g. We shall use the notation e < g if e < g and if g £ e. 
To simplify notation, we shall suppose implicitly that for every expression 
of the form X, X? or XsPp, the pair (s, f) is a linked pair of S4. 


Proposition 6.1. For each linked pair (s,e) of S4, the following formula 
holds 
—s 
XX? C XPa C |] XXY. (6.9) 
fse 
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Corollary 6.2. 
(1) For every idempotent e of S4, the following formula holds 


— 
Xe = X.P.. (6.10) 
(2) For every linked pair (s,e) of S4}, we have 


LJ x.x9 = LJ X.P}. (6.11) 
f<e f<e 


Proof. Formula (6.10) is obtained by applying (6.9) with s = e. Formula 
(6.11) follows by taking the union of both sides of (6.9) for f <e. Q.E.D. 


The previous statement shows that a set of the form XY, with e idem- 


potent, is always deterministic. This may lead the reader to the conjecture 
that every subset of the form X“, where X is a recognizable subset of AT, 
is deterministic. However, this conjecture is ruined by the next example. 


Example 6.3. Let X = (a{b,c}*U {b})”. The syntactic w-semigroup of Y 
has been computed in Example 4.4. In this w-semigroup, b is the identity, 
and all the elements are idempotent. The set X can be split into simple 
elements as follows: 


X = p! (a) g (b) Up la)” 
= b*a{a, b, c}¥*“b” U (b* a{a, b, c}*)”. 


It is possible to deduce from the previous formulas an explicit Boolean 
combination of deterministic sets. 


Theorem 6.4. The following formula holds 
x= U Uxx? (6.12) 
(s,e)EF(P) fRe 


and, for each (s,e) € F(P), 
b = => 
U X Xf = (Use \ Vse) (6.13) 
fRe 
where Us e and Vs e are the subsets of At defined by: 
Use =|] XsP} and Vi6='() X5P; 


f<e f<e 


In particular, X is a Boolean combination of deterministic sets. 
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For a proof, see [25, p. 120]. One can also obtain a characterization of the 
deterministic subsets. 


Theorem 6.5. The set X is deterministic if and only if, for each linked 
pairs (s,e) and (s, f) of S; such that f < e, the condition se” € P implies 
sf” € P. In this case 
—> 
X S XP (6.14) 
(s,e)EF(P) 


For a proof, see [25, Theorem 9.4, p. 121]. 


Example 6.6. We return to Example 6.3. The image of X in its syntactic 
w-semigroup is the set P = {a”}. Now, the pairs (a,b) and (a,c) are linked 
pairs of S}, since ab = ac = a and we have c < b since bc = c. But 
ab? = a” € P, and ac’ = œ ¢ P. Therefore X is not deterministic. 


The proof of McNaughton’s theorem described above is due to Schützen- 
berger [31]. It is related to the proof given by Rabin [27] and improved by 
Choueka [12]. See [25, p. 72] for more details. 


7 Prophetic automata 


In this section, we introduce a new type of automata, called prophetic, 
because in some sense, all the information concerning the future is encoded 
in the initial state. We first need to make precise a few notions on Büchi 
automata. 


7.1 More on Büchi automata 


There are two competing versions for the notions of determinism and co- 
determinism for a trim automaton. In the first version, the notions are 
purely local and are defined by a property of the transitions set. They 
give rise to the notions of automaton with deterministic or co-deterministic 
transitions introduced in Section 2. The second version is global: a trim 
automaton is deterministic if it has exactly one initial state and if every 
word is the label of at most one initial path. Similarly, a trim automaton 
is co-deterministic if every word is the label of at most one final path. 

The local and global notions of determinism are equivalent. The local 
and global notions of co-determinism are also equivalent for finite words. 
However, for infinite words, the global version is strictly stronger than the 
local one. 


Lemma 7.1. A trim Büchi automata is deterministic if and only if it has 
exactly one initial state and if its transitions are deterministic. Further, 
if a trim Büchi automata is co-deterministic, then its transitions are co- 
deterministic. 
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The notions of complete and co-complete Büchi automata are also global 
notions. A trim Biichi automata is complete if every word is the label of 
at least one initial path. It is co-complete if every word is the label of 
at least one final path. Unambiguity is another global notion. A Biichi 


Det. transitions | Co-det. transitions 


Forbidden Forbidden Forbidden 


configuration: configuration: configuration: 


a A Da u 


W @y * 


where a is a letter. where a is a letter. where u is a word. 


Deterministic Co-deterministic Unambiguous 


Two initial paths 
with the same label Two final paths 
are equal + exactly with the same label 
are equal 


Two successful 
paths with the 
same label are 


one initial state equal 


Complete Co-complete 


Every word is the Every word is the 
label of some label of some 
initial path final path 


TABLE 2. Summary of the definitions. 


automaton A is said to be w-unambiguous if every infinite word in is the 
label of at most one successful path. It is clear that any deterministic or 
co-deterministic Büchi automaton is w-unambiguous, but the converse is 
not true. The various terms are summarized in Table 2. 


7.2 Prophetic automata 


By definition, a prophetic automaton is a co-deterministic, co-complete 
Buchi automaton. Equivalently, a Buchi automaton is prophetic if every 
word is the label of exactly one final path. Therefore, a word is accepted if 
the unique final path it defines is also initial. The main result of this section 
shows that prophetic and Büchi automata are equivalent. 


Theorem 7.2. Any recognizable set of infinite words can be recognized by 
a prophetic automaton. 
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It was already proved independently in [19] and [2] that any recognizable 
set of infinite words is recognized by a codeterministic automaton, but the 
construction given in [2] does not provide unambiguous automata. 

Prophetic automata recognize infinite words, but the construction can 
be adapted to biinfinite words. Two unambiguous automata on infinite 
words can be merged to make an unambiguous automaton on biinfinite 
words. This leads to an extension of McNaughton’s theorem to the case of 
biinfinite words. See [25, Section 9.5] for more details. 

Theorem 7.2 was originally formulated by Michel in the eighties but 
remained unpublished for a long time. Another proof was found by the 
first author and the two proofs were finally published in [10, 11]. Our 
presentation follows the proof which is based on w-semigroups. We start 
with a simple characterization. 


Proposition 7.3. Let A = (Q, A, E,I, F) be a Biichi (transition Biichi) 
automaton and let, for each q € Q, La = L” (Q, A, E,¢,F). 

(1) A is co-deterministic if and only if the L,’s are pairwise disjoint. 

(2) A is co-complete if and only if Ugeg Lq = A”. 


Proof. (1) If A is co-deterministic, the L,’s are clearly pairwise disjoint. 
Suppose that the L,’s are pairwise disjoint and let po 1, p —> po 
and qo => qı Æ> q2 -+: be two infinite paths with the same label u = 
aga1-+-. Then, for each i > 0, aiai+ı ++} E L(pi) O L(qi), and thus p; = qi. 
Thus A is co-deterministic. 
(2) follows immediately from the definition of co-complete automata. 
Q.E.D. 


Example 7.4. A prophetic automaton is presented in Figure 7. The cor- 
responding partition of A” is the following: 


Lo = A* ba” (at least one, but finitely many b) 
Li =a” (no b) 

L = a( A* b)” (first letter a, infinitely many b) 
L3 = b(A*b)” (first letter b, infinitely many b) 


Example 7.5. Another example, recognizing the set A*(ab)”, is presented 
in Figure 8. 


Complementation becomes easy with prophetic automata. 


Proposition 7.6. Let A = (Q, A, E,I, F) be a prophetic automaton rec- 
ognizing a subset X of A”. Then the Biichi automaton (Q, A, £,Q \ I, F) 
recognizes the complement of X. 
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FIGURE 8. A prophetic automaton recognizing A*(ab)”. 


It is easier to prove Theorem 7.2 for a variant of prophetic automata that 
we now define. A prophetic transition automaton is a co-deterministic, 
co-complete, transition automaton. Proposition 2.6 states that Büchi au- 
tomata and transition Biichi automata are equivalent. It is not difficult to 
adapt this result to prophetic automata [25, Proposition I.8.1]. 


Proposition 7.7. Prophetic and transition prophetic automata are equiv- 
alent. 


Thus Theorem 7.2 can be reformulated as follows. 


Theorem 7.8. Any recognizable set of infinite words can be recognized by 
a prophetic transition automaton. 


Proof. Let X be a recognizable subset of A“, let p : A — S be the 
syntactic morphism of X and let P = y(X). Our construction strongly 
relies on the properties of >R-chains of the semigroup S4 and requires a 
few preliminaries. 


We shall denote by R the set of all nonempty >-chains of S4: 


R = {(s0,51,-.-; Sn) |n > 0, S0,- -., Sn E S and so >R sı >R >R Sn} 
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In order to convert a >p-chain into a strict >p-chain, we introduce the 
reduction p, defined inductively as follows 


ne aje p(S1,---;8n—1) if Sn R Sn—1 
l; e.. — 7 
i (P(51,---,Sn—1); Sn) if Sn-1 >R Sn 


In particular, for each finite word u = apa, --- Gy, (where the a;’s are letters), 
let G(u) be the >R-chain p(so,$1,...,$8n), where s; = y(aoai---a;) for 
O<i<n. The definition of 6 can be extended to infinite words. Indeed, if 
u = aga,--- is an infinite word, 


50 2R $1 ZR $2... 


and since S4 is finite, there exists an integer n, such that, for all i,j > n, 
si R sj. Then we set ¢(u) = (ao... an). 
Define a map from Ax S} into S} by setting, for each a € A and s € Sj, 


a: s = y(a)s 


We extend this map to a map from A x R into R by setting, for each a € A 
and (s1,...,5n) € R, 


a: (81,---;8n) = pla: l,a: S1,..., a Sn) 
To extend this map to A*, it suffices to apply the following induction rule, 
where u € At anda € A 
(ua): ($1,---, Sn) = u: (a (S1,.--,Sn)) 
This defines an action of the semigroup At on the set R in the sense that, 
for all u,v € A* andr € R, 
(uv): r = u(v: r) 


The connections between this action, y and ¢ are summarized in the next 
lemma. 


Lemma 7.9. The following formulas hold: 
(1) For each u € At and v € A”, u- y(v) = p(ur) 
(2) For each u,v € At, u: (v) = G(uv) 
Proof. (1) follows directly from the definition of the action and it suffices 


to establish (2) when u reduces to a single letter a. Let v = aoa... an, 
where the a;’s are letters and let, for 0 <i < n, s; = yp(aoai...a;). Then, 
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by definition, (v) = p(so0,..-,5n) and since, the relation >r is stable on 
the left, 

a: P(v) T pla: l,a: 50, Q: S1,..., 0: Sn) = p(av) 
which gives (2). Q.E.D. (Theorem 7.8) 


We now define a transition Biichi automaton A = (Q, A, E, I, F) by setting 


Q= { ((s1,-+++8n), se”) | (S1,---,5n) E R, 

(s,e) is a linked pair of S; and sn R s} 
I= { ((s1,-+-+5n),5e”) EQ| se’ Ee pi 
E = { (a: (515-3 Sn) a se”), a, ((S1;- -3 Sn), se”)) 

| a€ Aand ((s1, E ., Sn), se”) € Q} 
A transition (G (S$1,---;8n),@ se”), a, ((s1, say S]a se”)) is said to be 
cutting if the last two elements of the >R-chain (a-1,a-51,...,@+8,) are 


R-equivalent. 
We choose for F the set of cutting transitions of the form 


((a (Coen e”),a, ((s1, EP ae) 


where e is an idempotent of S4} such that sn R e. 
Note that A has co-deterministic transitions. A typical transition is 
shown in Figure 9. The first part of the proof consists in proving that every 


(le (sissa), a se) A ((s1,.--,Sn), se”) 


FIGURE 9. A transition of A. 


infinite word is the label of a final path. Let u = agpa,--- be an infinite 
word, and let, for each i > 0, £i = ajaj41--- and qi = (lzi), y(xi)). Each 
qi is a state of Q, and Lemma 7.9 shows that 


ao ay 
P=d —> 4% — q2 
is a path of A. 


Lemma 7.10. The path p is final. 
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Proof. Let (ui)iżo be a factorization of u associated with the linked pair 
(s,e). Then for each i > 0, yluiuigi-::) = e”. Fix some i > 0 and 
let nj = |uour---u,;|. Then qn; = ((s1, g -> Sn), €”) with (s1,...,Sn) = 
PlUuitiui+2:::). In particular, sn R e and hence esn = Sn. Suppose first 
that n > 2. Then y(uj)Sn—1 = eSn—-1 SR e and y(ui)Sn = ESn = Sn R e. 
Therefore the relation y(ui)Sn-1 >R Plui)sn does not hold. If n = 1, the 
same argument works by replacing s,_1 by 1. It follows that in the path of 
label u; from qn;_ı tO dn;, at least one of the transitions is cutting. Thus 
p contains infinitely many cutting transitions and one can select one, say 
(q,a,q'), that occurs infinitely often. This gives a factorization of the form 


xo a / £1 a / T2 


P = qo q q q q 


Up to taking a superfactorization, we can assume, by Proposition 3.2, that 
for some idempotent f, y(aia) = f for every i > 0. It follows that the 
second component of q’ is yp(a;axi41a-:-) = f” and thus the transition 
(q,a, q’) is final, which proves the lemma. Q.E.D. (Theorem 7.8) 


Furthermore, p is successful if and only if y(u) € P, or, equivalently, if 
u € X. Thus A recognizes X and is co-complete. It just remains to prove 
that A is co-deterministic, which, by Proposition 7.3, will be a consequence 
of the following lemma. 


Lemma 7.11. Any final path of label u starts at state ((u), p(u)). 


Proof. Let p be a final path of label u. Then some final transition, say 
(q,a,q'), occurs infinitely often in p. Highlighting this transition yields a 
factorization of p 


vo @ 1 V1 (©) 1 v2 
qo q q q q 


Let q = ((s1, gedsn) e”), and consider a factor of the path p labelled by 
a word of the form v = viavi+1a::- vja, with i > 0 and j — i > n. By the 
choice of v, q' = v- q', and the first component of q’ is obtained by reducing 
the >r-chain 


(y(v[0, 0]), fO, 1]),..-, 9(v), P(v)s1,---,P(v) Sn) 


Now, since the cutting transition (q,a, gq’) occurs n + 1 times in this factor, 
the last n + 1 elements of this chain are R-equivalent. It follows that the 
first component of q’ is simply equal to ¢(v). 

Consider now a superfactorization u = wow1We2:-- obtained by grouping 
the factors vja 


u = (voa: ++ Vig—12) (Vig G+ ++ Vi -14) (Uj, A+ ++ Ving—1@) 
ee ee Ns NS 


wo wi w2 
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in such a way that, for some idempotent f, y(w1) = yp(we) =--- = f. We 
may also assume that ig > 0 and ių — io > n+1. Thus qd = wi- q' = 
wiw: q =-:-, and 


(s1, , Sn) = (w1) = (wiw) = ++: = (wi w2---) 


It follows in particular sn R y(wi) = f. Furthermore, Sn R e since (q, a, q’) 
is a final transition and thus e R f. Therefore e”? = fY = y(wiwe:--). 
Thus 7 = (G(wiw2---), p(wiw2:--)) and it follows from Lemma 7.9 that 


qo = wo: q' = (G(u), p(u)). Q.E.D. (Lemma 7.11) 
Q.E.D. (Theorem 7.8) 


The construction given in the proof of Theorem 7.2 is illustrated in the 
following examples. 


Example 7.12. Let A = {a,b} and let X = aA”. The syntactic w-semi- 
group S of X, already computed in Example 4.2 is S = (S4, Sə) where 
Si = {a,b}, Su = {a”, b” }, submitted to the following relations 


aa=a ab=a aa” = a” ab” =a 


ba = b bb = b ba” = b” bbt = b* 


The syntactic morphism y of X is defined by y(a) = a and y(b) = b. The 
transition Büchi automaton associated with y is shown in Figure 10. The 
final transitions are circled. 


@ 
CPA ore 
© 


FIGURE 10. The transition Biichi automaton associated with y. 


Example 7.13. Let A = {a,b} and let X = (A*a)”. The syntactic w-semi- 
group S of X is S = (S4, Sœ) where S4 = {0,1}, Su = {0”, 1%}, submitted 
to the following relations 

1-1=1 1-0=0 10° = 0% Hes" 

0-1=0 0-0=0 00% = 0” 01° = 1" 


The syntactic morphism » of X is defined by y(a) = 0 and y(b) = 1. The 
transition Buchi automaton associated with y is shown in Figure 11. 
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FIGURE 11. The transition Biichi automaton associated with ¢. 


7.3 Transfinite words 


A natural extension to finite and infinite words is to consider words indexed 
by an ordinal, also called transfinite word. Automata on ordinals were 
introduced by Biichi [8, 9]. This leads to the notion of recognizable set of 
transfinite words. Subsequent work [3, 4, 5, 12, 13, 40] has shown that a 
number of results on infinite words can be extended to transfinite words 
(and even to words on linear orders [6, 28]). 

An extension of the notion of w-semigroup to countable ordinals was 
given in [3, 4, 5]. A further extension to countable linear orders is given in 
[6]. 

It is not difficult to extend the notion of prophetic automata to trans- 
finite words. We show however that prophetic automata do not accept all 
recognizable sets of transfinite words. 

First recall that an automaton on transfinite words is given by a finite 
set Q of states, sets J and F of initial and final states and a set E of 
transitions. Each transition is either a triple (p,a,q) where p and q are 
states and a is a letter or a pair (q, P) where where q is a state and P a 
subset of states. The former ones are called successor transitions and the 
latter ones limit transitions. 

Let a be an ordinal. A path labeled by a word x = (ag)g<a of length a 
is a sequence c = (qg)8<a Of states of length œ + 1 with the following 
properties. 

(1) for each 8 < a, the triple (q8, ag, qg+1) is a successor transition of A. 
(2) for each limit ordinal 8 < a, the pair (limg(c), cg) is a limit transition 
of A, where limg(c) is the set of states q such that, for each ordinal 

y < P, there is an ordinal 7 such that y < n < @ and q = qn. 
Note that since Q is finite, the set limg(c) is nonempty for each limit ordinal 
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B <a. A path c = (gg) g<q is initial if its first state go is initial and it is 
final if its last state qq is final. It is accepting if it is both initial and final. 
A word x is accepted if it is the label of an accepting path. 

The notion of prophetic automaton can be readily adapted to transfi- 
nite words: an automaton is prophetic if any transfinite word is the label 
of exactly one final path. However, the next result shows that not every 
automaton is equivalent to a prophetic one. 


Proposition 7.14. The set A“? of words of length w? cannot be accepted 
by a prophetic automaton. 


Proof. Suppose there is a prophetic automaton A accepting the set AY”, 
Since the word a” is accepted by A, there is a unique successful path 
c = (48) g<w2 labeled by a”. In particular, go is an initial state and q,,2 is 
a final state. We claim that the word a” is also accepted by A. 

We first prove that gg = qo for any 3 < w?. The path (qa)1<g<u2 is also 
a final path labeled by a’. It must therefore be equal to c. This shows 
that qn = qo for any n < w. Similarly, the path (¢g)J<g<w2 is a final path 
labeled by a” and hence qg = q for any B < w°. Since the set lim,,2(c) is 
equal to {qo}, the pair ({¢o}, qu.) must be a limit transition of A. Thus the 
path č = (q3)s<w defined by qg = qo if 8 < w and qi, = qu? is a successful 
path labeled by a”. Q.E.D. 
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Abstract 
This paper is a first attempt at a general survey of deterministic 
graph grammars and the class of graphs they generate. We focus on 
providing some of the basic tools to reason about deterministic graph 
grammars, and on a structural study of their generated graphs. 


1 Introduction 


Context-free grammars are one of the most classical and fundamental no- 
tions in computer science textbooks, in both theoretical and applied set- 
tings. As characterizations of the well-known class of context-free languages, 
they are a very prominent tool in the field of language theory. Since context- 
free grammars are powerful enough to express most programming languages, 
they also play an important role in compilation, where they form the basis 
of many efficient parsing algorithms. 

A similar notion can be adapted to the more general setting of grammars 
generating graphs instead of words. In this case, grammar rules no longer 
express the replacement of a non-terminal letter by a string of terminal 
and non-terminal letters, but that of a non-terminal arc (or more generally 
hyperarc) by a finite graph (or hypergraph) possibly containing new non- 
terminals, thus generating larger and larger graphs. It is still relevant to call 
such grammars context-free, since the replacement of a given non-terminal 
is independent of the context in which it is performed, i. e. the remainder 
of the graph it is applied to, which is left unchanged. 

Also, whenever two non-terminals can be replaced, the corresponding 
derivation steps are independent. Consequently, starting from a given graph, 
it is possible to describe any sequence of productions (a derivation) as a 
derivation tree. This intuitively explains why many notions suitable for 
the study of context-free word grammars extend to context-free (also called 
hyperedge-replacement) graph grammars (see for instance [9]). 

* Let me thank Arnaud Carayol and Antoine Meyer for their help in drafting this paper. 
Many thanks to Wolfgang Thomas for his support, and happy birthday. 
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In this paper, we are concerned with the specific setting where the con- 
sidered sets of grammar rules are deterministic, meaning that there is only 
one production rule for every non-terminal hyperarc. Consequently, from 
a given axiom, a grammar does not generate a set of graphs (which could 
be called a “context-free” graph language), but a unique graph up to iso- 
morphism called a regular graph. This is an important restriction, which 
entails another crucial conceptual difference with word grammars. Note 
that grammars generating a unique finite graph are trivial: they are equiv- 
alent to grammars containing a unique rule, or even no rule if any finite 
graph is allowed as an axiom. As a result and contrary to the case of words, 
we are not interested in graphs generated after a finite derivation sequence, 
but in graphs generated “at the limit” i. e. after an infinite number of steps 
(see Figure 2.8 and Figure 2.9). 

These deterministic graph grammars correspond to the finite systems of 
equations over graph operators originally defined by Courcelle [7], and whose 
least solutions, called equational graphs, are the regular graphs. This kind 
of graphs was first considered by Muller and Schupp [8]: they showed that 
the connected components of the transition graphs of pushdown automata 
are the connected graphs of finite degree whose decomposition by distance 
from a vertex yields finitely many non-isomorphic connected components. 
These graphs are exactly the connected regular graphs of finite degree [4] 
(see also Section 5). 

This work is a first attempt at a general survey of deterministic graph 
grammars and the class of graphs they generate. We focus on providing 
some of the basic tools to reason about deterministic graph grammars, and 
on a structural study of their generated graphs. 

First, Section 2 presents the necessary definitions as well as some exam- 
ples of grammars and their generated graphs. We also define a canonical 
representant of the set of isomorphic graphs generated by a given grammar. 

Second, as is the case for word grammars, we need to provide a collec- 
tion of normal forms before being able to conveniently write more involved 
proofs. This is a slightly tedious but necessary task, which is addressed 
in Section 3, where in particular the notions of reduced, proper and con- 
nected grammars are defined. We provide a way to cleanly separate input 
and output vertices in grammar rules. We also show that considering multi- 
hypergraphs does not improve expressiveness. All these results are obtained 
via fixed-point computations. This allows us, as a first application, to derive 
some structural properties of regular graphs, namely that they only have a 
finite number of non-isomorphic connected components, and that the sets 
of possible vertex degrees in such graphs are finite. 

A problematic feature of regular graphs is that any given such graph 
can be generated by infinitely many different graph grammars. In Section 
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4, we investigate systematic ways to generate regular graphs, for instance 
according to the length of their vertex names for pushdown graphs, or more 
generally, by increasing distance from the vertices having a given colour. 
This yields a notion of a canonical graph grammar associated to any regular 
graph (which will prove useful in the following section). It also allows us 
to establish the closure of the class of regular graphs under various vertex 
colouring operations. 

Section 5 builds up on all the notions and results presented in the pre- 
vious sections to establish a characterization of regular graphs of bounded 
degree, either in a general way by the suffix transition graphs of labelled 
word rewriting systems, or in a restrictive way by the transition graphs of 
pushdown automata in a weak form. 

Finally in Section 6, we present a simple and strong connection between 
deterministic graph grammars and context-free grammars over words, and 
hence also context-free word languages: even though regular graphs may in 
general have an infinite degree, the set of path labels between two regular 
sets of vertices in a regular graph remains a context-free language. In this 
respect, deterministic graph grammars provide a natural and powerful tool 
to reason about context-free languages, and indeed several classical results 
in the theory of context-free languages can be reassessed in this framework. 
To summarize, deterministic graph grammars are not only finite represen- 
tations of infinite graphs whose structure is regular (i. e. which have a finite 
decomposition by distance), they are also to context-free languages what 
finite automata are to regular languages. 


2 Regular graphs 

In this section, we introduce the notion of deterministic graph grammar 
(Section 2.2) together with the family of graphs they generate: the regular 
graphs (Section 2.3). We conclude by presenting several examples of regular 


graphs. But first, we introduce basic notations on graphs and hypergraphs 
(Section 2.1). 


2.1 Graphs 


Let N be the set of natural numbers and N+ = N — {0}. A set in bijection 
with N is called countable. For a set E, we write |E| for its cardinal, 27 


for its powerset and for every n > 0, E” = {(e1,..., €n) | €1,---,€n E€ E} 
is the set of n-tuples of elements of E. Thus E* = (J >o E” is the free 
monoid generated by E for the concatenation: (e1,..., em): (e4,---,€,) = 
(e1,.--, €m, €l,- -, €), and whose neutral element is the 0-tuple (). A finite 


set E of symbols is an alphabet of letters, and E* is the set of words over 
E. Any word u € E” is of length |u| = n and is also represented by a 
mapping from [n] = {1,...,n} into E, or by the juxtaposition of its letters: 
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u = u(1)...u(|u|). The neutral element is the word of length 0 called the 
empty word and denoted by e€. 

A multi-subset M of E is a mapping from E into N where for any 
e € E, the integer M(e) is its multiplicity (the number of occurrences of e 
in M). A multi-subset M of E is also represented by the functional subset 
{(e, M(e)) |e € EA M(e) 4 0} of ExN?: if (e,m), (e,n) € M then m =n. 
The cardinal of M is |M| = X ecg M (e), and M is said to be finite if its 
support M := {e € E | M(e) £ 0} is finite. By extension we write e € M 
for e € M. A finite multi-subset M can also be described by a subset of 
E where each e € E appears M(e) times. For instance the multi-subset 
defined by a+> 3, bt 1, x + 0 otherwise, is represented by {(a, 3), (b, 1)} 
or directly by {a,a,a,b}. For instance {2,2,2,5} is the multi-subset of the 
decomposition of the number 40 into its prime factors. A subset P C E 
corresponds to the multi-subset {(e, 1) | e € P} and vice-versa. 


Given multi-subsets M and N, we define the multi-subset 


sum M+N by (M+ N)(e) := M(e) + N(e), 
difference M-N by (M— N)(e) := max{M(e) — N(e), 0}, 
union MUN by (MUN)(e) := max{M(e), N(e)}, 
intersection MAN by (MN N)(e) := min{M(e), N(e)}, 


and restriction Mp to P C E by 


M(e) ifecP, 
0 otherwise; 


Mp(e) = 


We shall also write M-p for M)z_p. The inclusion M C N means that 
M(e) < N(e) for every e € E. 

Let F be a set of symbols called labels, ranked by a mapping o: F — N 
associating to each label f its arity o(f), and such that 


Fn := {f € F | o(f) = n} is countable for every n > 0. 


We consider simple, oriented and labelled hypergraphs: a hypergraph G 
is a subset of |J „>o Fn V”, where V is an arbitrary set, such that its verter 
set, g 

Va := {v E€ V | FV*vV* NGF Ø}, 


is finite or countable, and its label set, 
Fe :={fE F| fV AGZ}, 


is finite. 
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FIGURE 2.1. The hypergraph {fxyz, gry, ha, c}. 


Any fvi... Vaf) € G is a hyperarc labelled by f and of successive vertices 
U1,+++) Ugg); it is depicted for 


o(f) =2 asan arrow labelled f and successively linking v1,..., Vo(f); 
o(f)=1 asa label f on vertex vı and f is called a colour of v1; 
o(f)=0 as an isolated label f called a constant. 


This is illustrated in Figure 2.1. 


A vertex v is depicted by a dot named (v) where parentheses are used 
to differentiate a vertex name from a vertex label (a colour). Note that a 
hyperarc X is a word whose first letter X (1) is its label, and for 1 < i < |X], 
the ith letter X (i) is its (i — 1)st vertex; to avoid such a shift, we also write 
a hyperarc as the word fY where f is its label and Y is its vertex word. 
Observe that a hypergraph is finite if and only if it has a finite vertex set. 

The transformation of a hypergraph G by a function h from Vg into a 
set V is the following hypergraph: 


h(G) = { fh(vr) Ait h(Vecf)) | fui ++ Uo(f) € G} 


An isomorphism h from a hypergraph G to a hypergraph H is a bijection 


from Vg to Vy such that A(G) = H, and we write G 2 Hor G~ H if we 
do not specify the bijection. 

The restriction of a hypergraph G to a subset P C Vg is the sub- 
hypergraph of G induced by P: 


Gip = GN FP*. 


So Gp = Idp(G) where Idp := {(v,v) | v € P} is the identity on P. 
For a hypergraph G, the edge relation Ta is the binary relation on the 
vertex set Vga defined by 


X (i) > X (3) for any X € G and i # j € {2,...,|X]f. 


We denote by FA with n > 0 the n-fold composition of T with 


ae Idy, the identity on Vg, and by ri Uso s the reflexive 
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h a 
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FIGURE 2.2. A finite graph. 


and transitive closure of aa As usual s and t are connected vertices in G if 


s aa t, and G is a connected hypergraph if the vertices of G are connected. 


The degree of a vertex s of a hypergraph G is 
da(s) := |{(X,7) | X € G- Fi\Vae A2<i< |X|AX(i) = s}. 


Note that the colouring does not affect the degree. We say that a hypergraph 
G is of finite degree (or locally finite) if da(s) < w for any vertex s € Va, 
and G is of bounded degree (or globally finite) if max{de¢(s) | s E€ Ve} < w. 
For a subset Æ C F of labels, we write 


Van := {v € V | EV*0V* NG F Ø} = Vonevs 


the set of vertices of G linked by a hyperarc labelled in E. 

A graph G is a hypergraph without constants and without labels of arity 
strictly greater than 2: Fg C Fı U Fy. Hence a graph G is a set of arcs 
av 1V2 identified with the labelled transition vı re vz or directly vı 5 v 


if G is understood, plus a set of coloured vertices fv. For instance, the finite 
graph: 


a 


b b b $ 
{r p,p s, p 4,4 = p,q s, ir, gp, hp, fs, ft} 


has vertices p, q,r, s, t, colours f, g, h,i and arc labels a,b, and is represented 
in Figure 2.2; we omit the names of the vertices to give a representation up 
to isomorphism. 

A tuple (vo, a1, V1, ..., an, Un) for n > 0 and vo a Vp... Un—1 n: Un İS 


a path from vo to vn labelled by u = a1 . . . an; we write vo => Un or directly 


vo => Un if G is understood. For E C Fx, we write v = v' ifv = v’ for 


some u € E. 
Given a graph G and vertex sets P,Q C Ve, we write L(G, P,Q) the 
language of path labels from a vertex in P to a vertex in Q: 


L(G, P,Q) := {ue Fy | dpe Page Qp => q)}. 
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f 


h Z ig 
(x)e ——> œ (y) © (z) c c c 
h 


f 
FIGURE 2.3. The multi-hypergraph { fxyz, fryz, gry, hz, hax,c,c,c}. 


Given colours i, f € Fi, we define L(G,i, f) := L(G, Vai, Va,f) as the 
path labels from the set Vg; of vertices coloured by 7 to the set Vg, of 
vertices coloured by f. For instance taking the previous graph, its path 
labels from i to f is b(ba)*(a + bb). 

Hence a finite graph G with two colours 7 and f is a finite automaton 
recognizing the language L(G,i, f). For any (finite) alphabet T C Fo, the 
family 


Rat(T*) := {L(G,i, f) | |G] <wA Fen Fa CTAi,feK} 


of languages over T recognized by the finite automata coincides with the 
family of regular languages over T. A graph G without vertex label, i. e. 
such that Fe C F>, is called an uncoloured graph. 

The family of hypergraphs ordered by inclusion C forms a complete 
partial order: its least element is the empty graph @ and any sequence 
(Gn)n>o (not necessarily increasing) with a finite label set Up >o Fe, has a 
least upper bound Up >o Gn- E 

If we fix a finite or countable set V of vertices and a finite set E C F of 
labels, the family G(V, E) of subsets of Up, >o EnV” with En = E N Fn for 
any n > 0, is the set of hypergraphs G with Vg C V and Fg C E. Such a 
set G(V, E) is a complete lattice: Ø is the least element, („>o EnV” is the 
greatest element, and every subset H C G(V, E) has a supremum (JH and 
an infimum ()H. 

A multi-hypergraph G is a multi-subset of Up >o nV” where V is an 
arbitrary set; each hyperarc X € G is depicted G(X) times. The vertex set 
Vg and the label set Fg of a multi-hypergraph G are the sets defined on 
its support â, i.e. Va := Vg and FG := Fe. The transformation of any 
multi-graph G by any function h from Vg into a set is extended in a natural 
way: 

h(G)(X) := 5 G(Y) for any hyperarc X 
h(Y)=X 
assuming that the sum is always finite. Given f € F, and v € V, the 


sequence {(fv,n)}n>ı is increasing for the inclusion but it has no least 
upper bound because an infinite multiplicity is not allowed. 
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(x)e (x). l (x) (x) ——» e. 
oJ a Ja 
A — “CB 3 (y*\{ Bo {y} Fie 
d A 
C 
(y)° yes ——_* (z)* (2) °<— 


FIGURE 2.4. A (deterministic) graph grammar. 


2.2 Graph grammars 


A hypergraph grammar R is a finite set of rules of the form fx, ... 2% ¢¢) —> 
H where fx,...2f) is a hyperarc joining pairwise distinct vertices zı # 
... É Lf) and H is a finite multi-hypergraph; we denote by Nr := {f € 
F | fX € Dom(R)} the non-terminals of R, the labels of the left hand 
sides; by Tr := {f € F — Nr | 3P € Im(R)(fX € P)} the terminals of R, 
the labels of R which are not non-terminals; by Fr := NrUTp the labels of 
R; and by o(R) := max{o(A) | A € Ne} the arity of R, the maximal arity 
of its non-terminals. 

We use grammars to generate simple graphs (without multiplicity). 
Hence in the following, we may assume that any terminal hyperarc of any 
right hand side is of multiplicity 1, otherwise we replace R by 


{(X, (H)) | (X, H) € R} 


where (H) is obtained from H by removing the multiplicity of the terminal 
hyperarcs: 


Remark that multiplicities of non-terminal hyperarcs are usually not 
introduced when working with graph grammars. As explained in the next 
subsection, they are in all generality necessary to ensure the unicity of the 
graph generated (see also Figure 2.6). In the next section, we shall see that 
any graph grammar can be transformed into an equivalent grammar where 
multiplicities do not need to be taken into account. 

Starting from any hypergraph, we want a grammar to generate a unique 
hypergraph up to isomorphism. So we restrict ourselves to deterministic 
grammars, meaning that there is only one rule per non-terminal: 


(X, H), (Y,K) € RAX(1)=Y(1) = (X, H) = (Y, K). 


For any rule X —> H, we say that Vx N Vy are the inputs of H and 
U{Vy | Y € HAY(1) € Npr} are the outputs of H. We shall use upper- 
case letters A, B, C, ... for non-terminals and lower-case letters a,b,c... for 
terminals. We say that R is a graph grammar if the terminals are of arity 
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z a B 
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b {4 b Ce 
a a 
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26 2 e> 2 ea tM 2 ea tae 


FIGURE 2.5. Parallel rewritings according to the grammar of Figure 2.4. 


1 or 2. An example is given in Figure 2.4 where we have 
Nr = {4, B}, Tr = {a,b,c,d}, o(R)=3, 
and the inputs of the first and second rule are x,y and x,y,z, respectively. 
Given a grammar R, the rewriting ee is the binary relation between 


multi-hypergraphs defined as follows: M rewrites into N , written M E N, 


if we can choose a non-terminal hyperarc X = Ası ...Sp in M and a rule 
Ag ...%, — H in R such that N can be obtained by replacing X by H 
in M and by removing the multiplicity of terminal hyperarcs: 


N=((M —- X)+hk(H)) 
for some function h mapping each x; to s;, and the other vertices of H 
injectively to vertices outside of M; this rewriting is denoted by M PE N. 
The rewriting ae of a hyperarc X is extended in an obvious way a the 
rewriting ae of any multi-subset E of non-terminal hyperarcs. A complete 
parallel rewriting = is the rewriting according to the multi-subset of all 
non-terminal Eseperaccs! M = Nif M ae N where E is the multi-subset 


of all non-terminal hyperarcs ‘of M. 

For instance, the first three steps of the parallel derivation from the 
graph {Axy, lx, 2y} according to the grammar of Figure 2.4 are depicted in 
Figure 2.5. 

The derivation at is the reflexive and transitive closure for composi- 
tion of the parallel ne ard (i.e. G = H if H is obtained from G 


by a consecutive sequence of atalik CES We can now define the 
graphs generated by deterministic graph grammars. 


2.3 Regular graphs 


Intuitively the graph (up to isomorphism) generated by a deterministic 
graph grammar R from a finite graph Go is the limit of any infinite se- 


178 D. Caucal 


Graph grammar: 


(1)e (1)+ Se. (1) (1)6 (1)¢ (1)6 


ae a Pm 


(2)% (Gjet (2)¢ OY (2)% 2N 


Parallel rewritings: AY 
b= LO = Le = X 
. —— ` .<—: E 


NO 
FIGURE 2.6. Parallel rewritings producing multiplicity. 


quence of rewritings starting from Go where every non-terminal is eventu- 
ally rewritten. Formally, to a sequence (G;):>0 of finite multi-hypergraphs 
such that 


1. for alli > 0, Gi — Gij41, and 
R, Xi 


2. for all X € G; with X(1) € Np, there exists j > i such that X = 
Xj 
we associate the limit [J;>o[G;] where for a hypergraph M, we designate by 
[M] := MOTrV;j;, designates the (simple) set of terminal hyperarcs of M. 
Note that the sequence (G;);>0 can be not increasing contrary to the 
sequence ([G;]);>0; in particular, even if U;.9[Gi] is finite, the sequence 
(Gi)i>o is not necessarily ultimately constant. It is easy to check that this 
limit does not depend on the order of the rewriting. In particular, we can 
use the parallel rewriting = which provides a canonical rewriting order 


similar to the leftmost rewriting for context-free grammars. The example 
in Figure 2.6 illustrates that without multiplicities, the unicity of the limit 
graph no longer holds. 

We shall see in next section that, though multiplicities are crucial in 
ensuring the unicity of the generated graph, they can be omitted provided 
that the grammar respects a certain normal form (see Subsection 3.2). 

A hypergraph G is generated by a grammar R from a hypergraph H if 
G is isomorphic to a hypergraph in the following set: 


R*(H) = { |J [F] 


n>0 


Ho = H ^Yn > 0(Hn = Hn); 


note that the vertices of H appear in any hypergraph of R” (H). For instance 
by continuing infinitely the derivation of Figure 2.5, we get a graph depicted 
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FIGURE 2.7. Graph generated by the grammar of Figure 2.4. 


in Figure 2.7. Note that the definition of R“(H) does not fix a particular 
naming of the vertices of the graph generated by R. A canonical naming is 
provided in Section 3.5. 

A regular hypergraph is a hypergraph generated by a (deterministic) 
grammar from a finite hypergraph. The regular hypergraphs are the hy- 
peredge replacement equational hypergraphs in the sense of [7], which are 
defined as the smallest solutions of finite systems of equations involving a 
set of hypergraph operators. 


FIGURE 2.8. A regular graph. 


A regular graph is a regular hypergraph which is a graph: it is generated 
by a graph grammar from a finite hypergraph. We give some examples of 
regular graphs. The grammar R reduced to the unique rule 


A1234 — {a21, b25, A2345} 
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FIGURE 2.9. Another regular graph. 


and represented below: 


A fia 
o_o -~” ANANA 
>i ie ees i a N 


a) (2) (3) (4) a) (2) (3) (4) (5) 


generates from its left hand side the following regular graph: 


b b b b 


a b a F a 7 < 7 < 7 =x 
which can be drawn without crossing edges as the regular graph in Fig- 
ure 2.8. Another example of graph grammar is the grammar reduced to the 
following rule: 


b 
(je (1)e ———> 
A 
|. | 
c 
e = e < e 
(2) (2) d A 


generating from its left hand side the regular graph in Figure 2.9. The 
grammar reduced to the following rule: 
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(2)* (2)* st 


generates from its left hand side the following regular graph: 


Finally the graph grammar reduced to the following rule: 


a» Gjt G4 
e e H ‘d e 
(2) 
A _ A A 
(3) 
(a> a (ay b 4@) 


generates from its left hand side the regular graph below, where each vertex 
is of infinite in-degree: 


b a 


3 Normalizations of graph grammars 

In this section, we present several elementary transformations to normalize 
hypergraph grammars. The first normalization gives an equivalent gram- 
mar with a constant axiom such that each non-terminal is accessible and 
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generates a non empty graph which is connected except for the axiom and 
possibly another constant (cf. Proposition 3.5). 

This normalization is extended to get ride of multiplicities both in the 
definition of the graph grammar and in its derivation relation. To ensure 
that multiplicities are not needed, we ask that any non-terminal hyperarc 
appearing in a right hand side of a rule contains a vertex which is not an 
input (cf. Proposition 3.10). We extend this second normalization by sep- 
arating as much as possible for each right hand side the inputs and the 
outputs (cf. Theorem 3.12). All these basic transformations are expressed 
in a powerful and natural way as fixed point computations. These normal- 
izations are used to derive properties on the generated graphs: any regular 
graph has a finite number of non-isomorphic connected components, and a 
finite number of vertex degrees (cf. Propositions 3.4 and 3.13). Finally we 
give a canonical vertex naming for the regular graphs (cf. Subsection 3.5). 


3.1 Reduced and connected form 


We begin by transforming any grammar into a reduced form. We say that 
a grammar R is reduced if R = Ø or there exists a constant non-terminal 
Z € Dom(R)N Fo called the axiom such that the following three conditions 
are satisfied: 


(i) for all H € Im(R), Z ¢ Fy 
(ii) for all A € Np there exists H such that Z = H and A € Fy 


(iii) RY(X) # @ for every X € Dom(R); 


the axiom is a non-terminal constant which by condition (i) does not 
appear in the right hand sides of the rules, condition (ii) means that each 
non-terminal is accessible from the axiom, and condition (iii) expresses that 
R generates a non empty hypergraph from any non-terminal hyperarc. By 
condition (iii), the grammar Ø (with no rule) is the unique reduced grammar 
generating the empty graph Ø. By conditions (i) and (ii), a non empty re- 
duced grammar has a unique axiom. For instance the grammar of Figure 2.4 
is not reduced, but it becomes reduced by adding the rule Z — Ary. 

We say that a hypergraph G is generated by a reduced grammar R if 
R = G = Ø or if the reduced grammar R is non empty and generates G 
from its axiom. 


Lemma 3.1. Any regular hypergraph can be generated in an effective way 
by a reduced grammar. 


Proof. Let G be a hypergraph generated by a deterministic grammar R 
from a finite multi-hypergraph Go. 
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FIGURE 3.1. Reduction of a grammar. 


We take a new constant Z € Fy — Fp and we complete R into R := RU 
{(Z,Go)}. The set E := (Fr N Ng | Z =* K} of accessible non- 
R 


terminals from Z is the least fixed point of the equation 


E={Z}U{Y(1) € Nr |3(X, H) E€ R(X(1)€ FAY € H)}. 


The set E := {X(1) € E | R°(X) F {Ø}} of productive accessible non- 
terminals is the least fixed point of the equation 


E = {X(1) € E | IP((X, P) € RA PA (E U TR) V £ Ø)}- 
The following grammar 
S:= {(X,Pgunpys) | (X, P) € RA X(1) € E} 
is reduced and generates G. Q.E.D. (Lemma 3.1) 


The “standard” construction in the proof of Lemma 3.1 is illustrated in 
Figure 3.1. Another form of grammar is to be proper: 


Vx C Va for all X € Dom(R) and for all G € R*(X) 


meaning that any vertex of the left hand side X of any rule, is a vertex 
of its right hand side and is a vertex of a terminal hyperarc of any graph 
obtained by a derivation from X. For instance the grammar of Figure 2.4 
is proper but the following grammar: 


Ary — {axz, Azy} 


is not proper because the vertex y of Axy does not belong to any graph of 
RY (Axy). 
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Lemma 3.2. Any regular hypergraph can be generated in an effective way 
by a proper and reduced grammar. 


Proof. Let G be a regular hypergraph. We may assume G # Ø because 
Ø is a proper and reduced grammar generating Ø. By Lemma 3.1, G is 
generated by a reduced grammar R from its axiom Z. 

For every rule Axı ...2% (4) —> Pa in R, we define the set Keep(A) of 
indices 1 <i < @(A) such that 2; is useful: 


a; € Vo for all G € R” (Axı T .Zo(A)) 


This collection of sets Keep(A) is the least fixed point of the following 
recursive system: 


Keep(A) := {i € [e(4)] | Pa N TRV, t:VŽ, # ØV 
IBY € P4(B € NRAIL < j < |Y|(Y (J) = z; A j € Keep(B)))}. 


To each A € Np, we associate a new symbol A’ of arity | Keep(A)|. To 
each non-terminal hyperarc Ayı ...Y (4) (with A € Np), we associate the 
following hyperarc: 


e 


h( Ayı- .Yə(a)) = Artis a's Yip 


with {t1,...,ip} = Keep(A) and i; < ... < ip. We complete h by the 
identity: h(X) := X for any terminal hyperarc X. Finally we extend h by 
union to any multi-hypergraph H: h(H) := {h(X) | X € H}. We define a 
grammar 


ACR) = {(h(X), h(H)) | (X, H) € R}. 
The grammar h(R) is proper, reduced and generates G from its axiom 
h(Z) = Z'. Q.E.D. (Lemma 3.2) 
The construction in the proof of Lemma 3.2 is illustrated in Figure 3.2. 


We now want to generate regular hypergraphs using grammars in two 
parts: a set of rules producing only connected graphs, and a set of rules 
whose left hand sides are constants. Note that for any reduced grammar 
generating a connected hypergraph, the axiom is the unique non-terminal 
of null arity. A connected grammar R is a proper grammar such that 


for all X € Dom(R) — Fo and all G € R*(X),G is connected. 


In particular for every rule (X, H) € R with X ¢ Fo, we have HN Fọ = Ø. 
Let us extend Lemma 3.2. 


Lemma 3.3. Any regular hypergraph can be generated in an effective way 
by a connected and reduced grammar. 
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FIGURE 3.2. Transformation of a grammar into a proper grammar. 


Proof. Let G # Ø be a regular hypergraph. By Lemma 3.2, G is generated 
by a proper and reduced grammar R from its axiom Z. For every rule 
Ag... (4) — Ha in R and for every 1 <i < @(A), we associate the set 
Con(A, i) of vertices in H4 which are connected to z; in R*(Aa,...2 (a))- 
This collection of sets Con(A,i) is the least fixed point of the following 
recursive system: 


Con(A, i) = {ai} UL {Vx | X € Ha A X(1) € Tr A Vx NCon(A, i) # Ø} 


U|J{X(y) | 3Y € Dom(R) 
(Y(1)X € Ha A Ak(X(k) € Con(A, i) A x; € Con(Y (1), k)))}. 


We complete these sets by defining for any A € Np the set 
Con(A) := {Con(A, iz) | 1 <i < of A)} Uf}. 


To each non-terminal hyperarc X € Dom(R) and to each P € Con(X(1)), 
we associate a new symbol X(1)p of arity |P A {21,...,2 (x 1))}|, and the 
hyperarc 

Xp := X(1) px, ... £i 


with {2;,,.-.,%,} = PN {a1,...;¢ ex} and ii <... < fp. 


In particular Xø = X(1)g is a constant. This permits to define the following 
grammar: 


P 


T:={(X,{Xp | P € Con(X(1))}) | X € Dom(R)} 


which splits each X € Dom(R) into hyperarcs according to Con(X(1)). 
For each rule (X, H) of R, there is a unique hypergraph Kx such that 
H => Kx, and we denote 


(X) = Vex — |] Con(X 
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FIGURE 3.3. From a proper grammar to a connected grammar. 
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FIGURE 3.4. A non connected regular graph. 


the set of vertices of Hx which are not connected to an input (a vertex in 
Vx). The following grammar 


S := {(Xp,(Kx)|p — Fo) | X € Dom(R) A P € Con(X(1)) — {2}} 
U {(Xg, (Kx)\¢xy | X € Dom(R)} 


generates from Xp the connected component of R” (X) containing P 4 Ø, 
and S generates from Xg the remaining part of R“’(X). In particular 
G € S*(Zg). The grammar S is connected but it is not necessarily re- 
duced. However by applying Lemma 3.1, we get an equivalent connected 
and reduced grammar of axiom Zø. Q.E.D. (Lemma 3.3) 


The transformation of Lemma 3.3 is illustrated in Figure 3.3. 
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A regular graph can have an infinite number of connected components 
as shown in Figure 3.4. An even simpler example is given by the graph 
grammar reduced to the unique rule Z —> {axy, Z} which generates from 
the constant Z the infinite repetition of an a-arc. However these two regular 
graphs have only a unique connected component up to isomorphism. Let 
us generalize this property. 


Proposition 3.4. A regular hypergraph has a finite number of non-iso- 
morphic connected components. 


Proof. Let G # Ø be a regular hypergraph. By Lemma 3.3, G is generated 
by a connected and reduced grammar R from its axiom Z. We restrict R 
to the grammar S := {(X, H) € R | X € Fo}. The grammar S' preserves 
connectivity: 


S“ (K) is connected for any connected hypergraph K ¢ Nr N Fo. 


Any connected component of G is isomorphic to a hypergraph of the fol- 
lowing set: 


UHSK) | JH € Im(R)(K connected component of H — (Npr N Fo))} 


which has a finite number of non-isomorphic hypergraphs. 
Q.E.D. (Proposition 3.4) 


Let us now normalize the constant rules: A grammar R is strongly re- 
duced if R is a reduced grammar with at most two non-terminal constants 
(i.e. [NRO Fo| < 2), and such that 


(X, H)€ RAX ER = HAR =. 


Note that this last condition is already satisfied if R is connected. Let us 
extend Lemma 3.3. 


Proposition 3.5. Any regular hypergraph can be generated in an effective 
way by a connected and strongly reduced grammar. 


Proof. Let G # Ø be a regular hypergraph. By Lemma 3.3, G is generated 
by a connected and reduced grammar R from its axiom Z. We extract in 
R the following constant rules: 


Ro := { (X,Y) | IH((X, H) € RA X € h AY € Fy N NRA Fo)} 


in order to determine the following subset of “non-repetitive” constant non- 
terminals: 


NRep := {A € NRO Fo | (A, A) ¢ RO} — {2}. 
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First we restrict R to the rules of its non-repetitives constant non-terminals: 
I := {(X, H) € R | X € NRep}. 
To each X € NRep, we derive a hypergraph Hx such that 


X =" Hx ^ Fu, O NRep = Ø 


and we define the following grammar: 
I’ := {(X, Hx) | X € NRep}. 


By rewriting according to I’, we remove the non-repetitive constant non- 
terminals in R. For each X € Fo — NRep, we associate a hypergraph H% 
such that 

X Ro = AY 


with Vi, N Vg; = Ø for every X #Y in Fo — NRep. 


The grammar 
S := {(X, H) € R | X ¢ Fo} U {(X, Hx) | X € Fo — NRep} 


remains connected, reduced and generates G from its axiom Z. The set of 
“repetitive” constant non-terminals is 


Rep := {A | (A, A) € Ro} = (Nr N Fo) — (NRepU{Z}) 


If Rep = Ø then S suits with Npr N Fo = {Z}. Otherwise we take a new 
constant Y # Z and the following graphs: 


Ko := (Hz)|-»,, the image of Z in S without constants, 
and K :=|J{(H’x)|-», |X € Rep}. 
The grammar 
S := {(X, H) € S | X ¢ Fo} U {(Z, Ko U {Y }) (¥,K U{Y})} 


remains connected and S’ generates G from Z. By restriction to the acces- 
sible non-terminals from Z using Lemma 3.1, we get an equivalent grammar 
which is strongly reduced. Q.E.D. (Proposition 3.5) 


The transformation of Proposition 3.5 is illustrated in Figure 3.5. 
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FIGURE 3.5. From a reduced grammar into a strongly reduced one. 


3.2 Discarding the multiplicity 


In this section, we construct for any reduced grammar a finite graph of its 
output dependencies by rewritings from the axiom. This permits to decide 
whether every derivation from the axiom is only on simple hypergraphs 
(without multiplicity). Then we present a normal form that allows to get 
ride of multiplicity. In a first time in Lemma 3.8, we show that any gram- 
mar is equivalent to one where right hand sides are hypergraphs and not 
multi-hypergraphs. In a second time, we show in Proposition 3.10 that any 
grammar is equivalent to a grammar where each non-terminal hyperarc ap- 
pearing in a right hand side contains a vertex which is not an input. For 
a grammar in this normal form, the generated graph can be defined using 
only hypergraphs and not multi-hypergraphs. 

Let R be any reduced grammar. An output link C of R is a multi- 
hypergraph of at most two hyperarcs which are non-terminals and with a 
common vertex: 


IC] <2A Fo C NRA(X,Y € C = Vx NW £ Ø); 


we denote [C]. := {D | C ~ D} the closure of C by isomorphism. The 
output dependency graph Out(R) of R is 


Out(R) := Gifs\[z]}.—*s} 


the graph G below and restricted to its vertices accessible from [Z]~: 


G := {[C]~ — [D]~ | C, D output links A 3H 
(C ee HADCHA(\D| = 1 = D connected component of H —[H]))}. 


In Figure 3.6, we give the output dependency graph of a reduced grammar. 
We say that a grammar R is without multiplicity if R is reduced and every 
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Grammar R: 
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Output dependency graph Out(R): 


FIGURE 3.6. Output dependency graph of a grammar. 


vertex of Out(R) is a simple hypergraph. Thus 


R is without multiplicity == (VH(Z a H = > H simple)). 


In particular, any grammar without multiplicity is simple. 

We now want to transform any grammar into an equivalent grammar 
without multiplicity. We start with preliminary normal forms presented in 
Lemma 3.6 and 3.7. We say that a grammar R is growing if R= Ø or R 
generates an infinite hypergraph from each left hand side, except possibly 
from its axiom Z: 


for all X € Dom(R) — {Z} and G € R*(X), we have |G| = w. 


Lemma 3.6. Any regular hypergraph can be generated in an effective way 
by a growing, connected and strongly reduced grammar. 


Proof. Let G Æ Ø be a regular hypergraph. By Proposition 3.5, G is gen- 
erated by a connected and strongly reduced grammar R from its axiom Z. 
We define two binary relations Rọ and R, on the non-terminal set Nr as 
follows: 


Ro := {(X(1), Y (1)) |SH((X, H) € RAY € HAY(1) € Np)} 
Ra := {(X(1), ¥(1)) | 3H (X, H) € RAY € HAY(1) € Np 
A Vy — Vx Æ @)} 


Y 
Y 
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Then the set E := {A | 3B((A, B) € Rý \(B,B) € Rf)} is the set of 
non-terminals X(1) with X € Dom(R) such that the graphs of R“(X) are 
infinite. We begin with the grammar 


Io := {(X,2) | X € Dom(R) A X(1) € Nr - E}. 


Having constructed a grammar In for n > 0, we define a deterministic 
grammar I,41 with Dom(In41) = Dom(Io) and 


Inga C {(X, H) | X Ro TH H}. 
Note that the right hand sides of the grammars J,, do not contain any non- 
terminal hyperarc. We finish with the grammar I = Im for m = min{n | 


In = In4i}. Thus I is a grammar with Dom(/) = {X € Dom(R) | X(1) € 
Nr — E} and for every (X, H) € I, H is finite and H € R” (X). 


From J, we construct a deterministic grammar S$ such that 
SC {(X,H)|X Ro => HA X(1) € EF}. 
This grammar S' is growing, connected and by restriction to the accessible 
non-terminals from Z, it is strongly reduced. Q.E.D. (Lemma 3.6) 
We say that a grammar R is strict if 
Vy — Vx # Ø for any (X, H) € R 


any rule has at least one non-input vertex in its right hand side. Starting 
from a growing grammar, it is enough to write every right hand side until 
the grammar is strict. 


Lemma 3.7. Any regular hypergraph can be generated in an effective way 
by a strict, connected and strongly reduced grammar. 


Proof. Let G # Ø be a regular hypergraph. By Lemma 3.6, G is generated 
by a growing, connected and strongly reduced grammar R from its axiom 
Z. As R is growing, we derive each right hand side of S until we get a non 
input vertex. We define 


So := {(X, H) € R | Vx # Va} 
and having defined Sn, we construct a maximal deterministic grammar 


Sn+1 © Sn U {(X, H) | X € Dom(R) — Dom(Sn) 
AX Ro => H ^ Vx # Vu} 
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FIGURE 3.7. Transformation of a grammar into a strict grammar. 


to get S := Sm for m = min{n | V(X, H) € Sn(Vx # Ve)}. This grammar 
S is strict and generates G from its axiom Z. Furthermore S remains 
connected and becomes strongly reduced by restriction to the accessible 
non-terminals from Z. Q.E.D. (Lemma 3.7) 


The transformations of Lemma 3.6 and Lemma 3.7 are illustrated in Fig- 
ure 3.7. 


To generate a regular (simple) hypergraph, we can avoid multiplicity in 
the grammar. Precisely, a simple grammar is a grammar where each right 
hand side is a (simple) hypergraph. 


Lemma 3.8. Any regular hypergraph can be generated in an effective way 
by a simple, strict, connected and strongly reduced grammar. 


Proof. Let G # Ø be a regular hypergraph. By Lemma 3.7, G is generated 
by a strict, connected and strongly reduced grammar R from its axiom Z. 
To each non-terminal A € Nr— {Z}, we associate its maximal multiplicity: 


m(A) := max{ H(X) | H € Im(R) AX € HA X(1) = A}, 


and we take new non-terminals A;,...,Am 4) of arity @(A). This allows 
us to replace each right hand side H € Im(R) by the following simple 
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FIGURE 3.8. Transformation of a grammar into a simple grammar. 


hypergraph: 


H' :={X |X € HA X(1) € Tp} 
U{X(1);:X (2)... X (|X|) | X € HN NRV A1 <i < H(X)}. 


We obtain the grammar 


S:={(Z,H’) | (Z, H) € R} 
U {(X0LX(2...X((X)), H) | (X, H) € RA1 <i < m(X(1))} 


This grammar S is simple, strict, connected, strongly reduced and generates 
G from its axiom Z. Q.E.D. (Lemma 3.8) 


The transformation of Lemma 3.8 is illustrated in Figure 3.8. 


To generate a regular hypergraph, we also want to reduce the rewriting 
steps to (simple) hypergraphs. This is not possible in general as shown 
in Figures 2.6 and 3.9. However any regular hypergraph can be generated 
by a simple hypergraph grammar whose rewriting steps are restricted to 
simple hypergraphs. A grammar R is non-terminal outside if for any rule 
X — H, any non-terminal hyperarc Y € H with Y(1) € Npr has a vertex 
which is not an input: Vy — Vx #4 Ø. The grammar of Figure 3.4 is non- 
terminal outside and the grammar of Figure 3.9 is not. With the property 
of being strongly reduced, we have removed the multiplicity by parallel 
rewritings for constants. The non-terminal outside property removes the 
multiplicity by parallel rewritings for non-constant non-terminals. 
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FIGURE 3.9. Multiplicity by parallel rewritings. 
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Zz => 


a : 
IN, INS 
FIGURE 3.10. A graph grammar which is not non-terminal outside. 


Lemma 3.9. Any non-terminal outside, simple and strongly reduced gram- 
mar is without multiplicity. 


Proof. Let R be any non-terminal outside, simple and strongly reduced 
grammar. By induction, we verify that the rewriting -p Preserves the 


property P(H) of a hypergraph H to be simple and with at most one non- 
terminal constant: 
P(H) \ H — K => P(K). 


Let X be the left hand side of the applied rule. If X is a constant then 
the implication is due to R being simple and strongly reduced. If X is not 
a constant then the implication is due to R being simple, strongly reduced 
and non-terminal outside. Q.E.D. (Lemma 3.9) 


In Figure 3.10, we give another simpler grammar which is not non- 
terminal outside and for which the generated graph is obtained by parallel 
rewritings with multiplicity. We can transform any grammar into an equiv- 
alent simple non-terminal outside grammar. 
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Grammar: 
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FIGURE 3.11. Transformation of the grammar of Figure 3.10. 


Proposition 3.10. Any regular hypergraph can be generated in an effec- 
tive way by a non-terminal outside, simple, connected and strongly reduced 
grammar. 


Proof. Let G # Ø be a regular hypergraph. By Lemma 3.8, G is generated 
by a simple, strict, connected and strongly reduced grammar R from its 
axiom Z. Recall that a connected grammar is proper. 

We transform R by incrementing the arity of non constant non-terminal 
hyperarcs. For each non-terminal A € Nr — Fo, we take a new symbol A’ 
of arity o(A') = o(A) +1. For each (X, H) € R with X ¢ Fo, there exists a 
vertex zx € Vy — Vx because R is strict, and we define the hyperarc 


X' := X(1)'X (2)... X(|X|)rx. 
For each H € Im(R) and for each Y € H, we define the following hyperarc: 
T bg if Y(1) ¢ Ng — Fo 
Y(1VY(2)...Y((Y|)yy if Y(1) € Npr = Fo; 


where yy is a new vertex (not in R with yy 4 yz for Y # Z). By union, 
we extend to H’ := {Y' | Y € H}. 


It remains to take 
S := {(X, H) € R| (X, H) € RAX € Fo} 
U {(X', H’) | (X, H) € RA X ¢ Fo}. 


The grammar S remains simple, connected and strongly reduced of axiom 
Z. And S is non-terminal outside and generates G. Q.E.D. (Proposition 3.10) 


The transformation of Proposition 3.10 is illustrated in Figure 3.11. 


196 D. Caucal 


(x)* (x) H 
b 
A — |. ¢ A ——— s : oje ee aci] 


(y)* y) (z) * (2) c] 
FIGURE 3.12. From the grammar of Figure 2.4 to a terminal outside one. 


3.3 Separating the inputs with the outputs 

We want to extend Proposition 3.10 by separating as much as possible in 
every right hand side of the grammar input and output vertices. However 
we can observe that if a vertex of a left hand side X is of infinite degree in 
R” (X) then it must be also an output. We shall show that a grammar can 
be transformed into an equivalent one such that the non-output vertices of 
every left hand side X are the inputs of finite degree in R” (X). 

A grammar R is terminal outside if for any rule X — H, any terminal 
hyperarc Y € H with Y(1) € Tp has a vertex which is not an input: 
Vy — Vx # Ø. An outside grammar is a terminal outside and non-terminal 
outside grammar. 


Lemma 3.11. Any regular hypergraph can be generated in an effective 
way by an outside, simple, connected and strongly reduced grammar. 


Proof. Let G # Ø be a regular hypergraph. By Lemma 3.1, G is generated 
by a reduced grammar R from its axiom Z. By least fixed point, we define 
the grammar J such that Dom(I) = Dom(R) and 


I = {(X, H O TRVŽ) | X Ro => H}. 


We define grammars 
J :=4{(X,HU{X})| (X, H) E€I^AX £ Zy, and 
S := {(Z, H) | Z Ro => H} U {(X, H\_ravg) | X Ro => H}. 
For any X € Dom(R) ~ {Z}, 
S*(X) = {K — TRV3 | K € R°(X)} 


hence S” (Z) = R” (Z). Furthermore § is terminal outside but not necessary 
reduced (due to condition (iii)). 

By applying the previous constructions, the obtained grammar remains 
terminal outside and becomes non-terminal outside, simple, connected and 
strongly reduced. Q.E.D. (Lemma 3.11) 
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FIGURE 3.13. A regular graph of infinite degree. 
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FIGURE 3.14. A grammar which is not degree-outside. 


In Figure 3.12, we apply the construction of the proof of Lemma 3.11 
to the grammar of Figure 2.4 completed with the rule Z —> Azy. In 
the last figure of Section 2 and in Figure 3.9, we have regular graphs with 
vertices of infinite degree. In Figure 3.13, we give another regular graph of 
infinite degree. We shall see that there is no regular hypergraph of finite 
degree which is not of bounded degree. To compute the vertex degrees of a 
hypergraph, we separate in the right hand sides of a grammar the outputs 
from the inputs of finite degree. A degree-outside grammar R is a grammar 
such that the vertices of any right hand side which are inputs and outputs 
are the input vertices of infinite degree in the generated graph: 


V(X, H) € RVY € HOA NeVa(Vx A Vy C {s€ Vx | dre(x)(s) =w}). 


The grammar of Figure 3.13 is degree-outside but the grammar in Fig- 
ure 3.14 is not: x is both an input and an output but is of finite degree in 
the generated graph. A degree-outside and reduced grammar generating a 
hypergraph of finite degree is called an input-separated grammar: for each 
right hand side, any input is not an output. A grammar which is outside 
and degree-outside is a complete outside grammar. 


Theorem 3.12. Any regular hypergraph can be generated in an effective 
way by a complete outside, simple, connected and strongly reduced gram- 
mar. 


Proof. Let G #4 Ø be a regular hypergraph. By Lemma 3.11, G is generated 
by an outside, simple, connected and strongly reduced grammar R from its 
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axiom Z. For any hypergraph H and any P C Vy, we denote 
H, P| := HY, |Y €e HAY) € NRA2Z <i <|Y|AY() € PY 


the number of non-terminal links in H on vertices in P. 

To get from R a degree-outside grammar, we derive each right hand side 
until we cannot separate outputs from inputs. We begin with the initial 
grammar So := R; having constructed a grammar Sn with n > 0, we 
associate to each rule (X, H) € Sn a hypergraph Kx such that 


H -> Kx ^ [Kx, Vx] < [H, Vx] 


if such a hypergraph exists, otherwise Kx = H; and we define the grammar 
Sn4i i= {(X, Kx) | X € Dom(R)}. 
We finish with the grammar 
S := Sm for m = min{n | Sn = Sn4i}-. 


This grammar S is complete outside, simple, connected and generates G 
from Z. And S becomes strongly reduced by restriction to the accessible 
non-terminals from Z. Q.E.D. (Theorem 3.12) 


Note that the transformation of Theorem 3.12 applied directly to the 
grammar of Figure 3.14 which is not terminal outside, and completed with 
the rule Z —> {A123}, leaves the grammar unchanged. In Figure 3.15, 
we apply the transformation of Theorem 3.12 to a suitable grammar. The 
transformation of Theorem 3.12 is illustrated in Figure 3.16. The regular 
graph of Figure 3.16 has only two possible vertex degrees: 3 and w. Let us 
generalize this property. 


Proposition 3.13. 


a) Any regular hypergraph has a finite number of vertex degrees, hence is 
either of infinite degree or of bounded degree. 


b) The class of regular hypergraphs is closed under colouring of vertices 
whose degree belongs to a given subset of NU {w}. 


Proof. Let G # Ø be a regular hypergraph. By Theorem 3.12, G is gener- 
ated by a complete outside, simple, connected and strongly reduced gram- 
mar R from its axiom Z. We can assume that the non-input vertices of the 
right hand sides are distinct: 


V(X, H),(Y, K) € R with X #4 Y((Ve — Vx) A (Vk — Vy) = Ø) 
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Outside, simple, connected and strongly reduced grammar: 


A z (x) x) o (x) s — 
Ee ° ; ° — | B ; | B —— |) B 
9) oA y)» (y) s.s 


Equivalent complete outside grammar: 


y A (x) e =— (x)¢ (x) +e 
— . p () ss b Bi 3 | tF_er b B 
- v) v) 


A 


Generated graph: 


a a a 
.—s > 


‘| | ‘| G, 
& c c 
. ——— 1 — s 


FIGURE 3.15. Transformation of Theorem 3.12. 


and we denote by F the finite set of non-input vertices in R: 
E := |_J{Vu — Vx | (X, H) € R}. 


Let us prove Property a). For each rule (X, H) € R, we take a hy- 
pergraph K such that H => K and for every vertex s € Vy — Vx, we 


define 


Ore w if SY € K(Y (1) € NrAse Vy) 
7 dixj(s) otherwise. 
The vertex degrees of G form the set {d(s) | s € E} which is finite and 
computable. 
Let us prove Property b). Let P C NU {w} and # a colour. We want 
to construct a grammar generating 


Gp := GU {#s | s E Va Ad(s) € P}. 
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A a 
(x)¢ (x) o (x)¢ (x) ¢—— 
z — Q , ja — pe s e — A 
(y) e (y) s (y) + (y) e 
A a 
O (x) (x) +e 
Z — . ; | A | ‘A 
(y)¢ (y) 


generating the graph: 


FIGURE 3.16. Transformation of a grammar into a degree-outside one. 


To each rule (X, H) € R, we associate the hypergraph: 
H' := H U {#s | s € Va — Vx ^ dpreçm) (s) € P}. 


So the grammar {(X, H’) | (X, H) € R} generates Gp from Z. 
Q.E.D. (Proposition 3.13) 


3.4 Separating the outputs 


This last normalization subsection permits to get grammars separating for 
each right hand side the vertices of the non-terminals. A grammar R is 
output-separated if for any right hand side, distinct non-terminal hyperarcs 
have no common vertex and any non-terminal hyperarc has distinct vertices: 
for any H € Im(R) and any X,Y € HN NRVÄŘ, 


IVx] = (X(1)) A(X AY > Vx NVW = 2). 


Note that any output-separated grammar is without multiplicity. The- 
orem 3.12 cannot be extended to get grammars which are also output- 
separated. However we give a general sufficient condition on any reduced 
grammar R that allows to transform R into an equivalent output-separated 
grammar. To any hypergraph H labelled in Npr U Tr, we denote 


Comp(H) := {[C]~ | C connected component of H -Trv } 


the family of the connected components (up to isomorphism) of the set of 
non-terminal hyperarcs of H, and 


Comp(R) := |_J{Comp(H) | Z za 
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FIGURE 3.17. Regular graph not given by an output-separated grammar. 


We say that R is output-separable if Comp(R) is finite. This notion is 
illustrated in Figure 3.18. Any input-separated grammar R (reduced and 
degree-outside grammar with Gen(R) of finite degree) is output-separable: 


Comp(R) = {{Z}} U {[C]~ 


JH € Im(R) 


(C connected component of H\_r,v)}- 


Any graph generated by an output-separable grammar can be generated by 
an output-separated grammar. 


Lemma 3.14. Any output-separable grammar can be transformed into an 
equivalent output-separated grammar. 


Proof. Let R be any output-separable grammar: R is reduced and Comp(R) 
is finite. Denoting m the cardinality of Comp(R), we take hypergraphs 
Ay,...,Hm such that 


{[Ail~,---,[Hm]~} = Comp(R). 


The axiom Z of R satisfies [Z]~ = {Z} hence Z € {M,..., Hm}. For each 
1<i<™m, we take a new symbol A; of arity e(A;) = |Vm, |, we denote 


{Si,1,---5Si,o(A,)} = Vu; 
we take a hypergraph K; such that H; = K; and let 
Ci1,---;Cin, be the connected components of (Ki)|-Tavz. 


By definition of Comp(R) and for every 1 <i < m and 1 < j < ni, there 
is a unique 1 <7; < m such that C; j is isomorphic to Hi;,, and we take an 
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Output-separable grammar R: 


poe fs IN 


(2)* (2)* 


Comp(R): z 3 | ; y 


Non output-separable grammar: 


a) (1) 


a | , b — On 


(2) (2)° 


FIGURE 3.18. Output separation for grammars. 


. (aye a — si CA 
zZz —» Ja ; [2 — | eS ; (2) 6 Bo —— alae, 
! LAN, 


(2)* (2)* ° (3) ° (3) 


FIGURE 3.19. Output-separated grammar from the first grammar of Fig- 
ure 3.18. 


isomorphism h; j from H;, to Ci j: Hi, hij Ci j- We define the grammar S 
having for each 1 < i < vn, the following rule: 


Aisi, soe Si o(Ai) me [Ki] U {Ai hi 8:4) soe hig (8i;,0(As,)) | 1 < j & ni}. 
So S is output-separated and S“(Z) = R” (Z). Q.E.D. (Lemma 3.14) 


The construction of the proof of Lemma 3.14 is illustrated in Figure 3.19. 
Lemma 3.14 permits to extend Theorem 3.12 to any regular graph of finite 
degree. 


Corollary 3.15. Any regular hypergraph of finite degree can be generated 
in an effective way by a grammar which is input and output separated, 
connected and strongly reduced. 


By generation by distance from a vertex of any connected regular graph 
of finite degree, we shall get in next section a grammar normal form stronger 
than in Corollary 3.15 (cf. Theorem 4.6). The condition of a grammar to 
be output-separable is effective. 
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Lemma 3.16. We can decide whether a reduced grammar is output- 
separable. 


Proof. Left as a simple exercise on grammars. Q.E.D. 


Henceforth and considering Proposition 3.10, we assume that any gram- 
mar is reduced, proper and without multiplicity. 


3.5 Canonical regular graphs 


A grammar R generates from a hypergraph K a family R” (K) of isomorphic 
hypergraphs. We present here a canonical way to extract a representant 
Gen(R, K) in this family. A vertex s of Gen(R, K) is the word of the path 
of the non-terminals plus the non-input vertex which are used to get s by 
rewritings. Up to a label renaming with adding rules, we assume that K 
and each right hand side of R has no two non-terminal hyperarcs with the 
same label: for every H € {K}UIm(R), 


Y,Y’€ HAY ZY'AY(1),Y'(1) € Np => Y(1) 4 Y'(1). 


We denote by Vr the vertex set of K plus the set of non input vertices of 
the right hand sides of R: 


Vr := Vg UL {Vi — Vx | (X, H) € R}. 


To each word u € Np, we associate for each non-terminal A € Nr a new 
symbol A, of arity o(A), and for each hyperarc X, we define 


gaca if X(1) ¢ Nr 
i X(1)a X (2)... X(( X|) if X(1) € Npr, 
that we extend by union to any hypergraph H: Hu := {Xu | X € H}. To 
each rule (X, H) € R and hyperarc Y with Y (1) = X(1)u, u € Np and 
Vy C NpVp, we associate the finite hypergraph Y := h(H)ux(1) where h is 
the function defined for every vertex r € Vy by 


Beginning with the hypergraph Ho = Ke and having defined H, for n > 0, 
we construct 


Ani i= [Hn] U {F | Y € Hn Adu € NA(Y (1) € (Nr)u)} 
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Axiom K: z0 


Grammar R: 


(1) G) (1). G) (1)+ a) Ss (r) 
A— e| B ; | Be e| Cc. ; | C— J A/A 
d 


(2) 2)" * p) (2) (2) a e (2) 


_(s) _(s) ny ye ABO) 
Ae = a B Cc 
| [Ne dS i ae, sis 
fe f—- 
(t) (t) (Ap) ars (Ap) i (ABa) ‘ae (Ap) ( (ABa) 


Canonical ee Gen(R, K) represented by vertices of increasing length: 


peo o ee ey UAR (ABORTED a 
T (Ap) ( (ABa) (ABC (ABCAp) ( (ABCABa) 


FIGURE 3.20. Canonical graph generated by a grammar. 


in order to define the following terminal hypergraph: 


Gen(R, K) := (J [Hn]. 
n>0 


Such a hypergraph is generated by R from K: Gen(R, K) € RY(K). In 
Figure 3.20, we illustrate the previous construction. 


The vertex set of Gen(R, K) is regular because 


Vcen(R, K) = Vk U Uia | AE Fe Nr} 


where the family of languages L4 for all A € Np is the least fixed point of 
the following system: for each (X, H) € Nr, 


Lxa) = X(1).((Va — Vx) Ul {La | A € Fu N Np}). 
For the grammar R of Example 3.20, we have 


La = AÑp} U Lge); Le = B({a} U Lc); Lo=C({r}U La) 
hence Voen(r) = {8,t} U La = {s, t} U (ABC)*{Ap, ABq, ABC r} 
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@Q) (Cr) 


i e«—— Se 


| oH [Pea 


f ee 
(2) (CAp) 


FIGURE 3.21. Genc ap(R, C12) for the grammar R of Figure 3.20. 


For any non-empty finite @ # E C Vaen(r,K), we define the least approxi- 
mant Geng(R, K) of Gen(R, K) whose vertex set contains Æ, which is the 
hypergraph obtained from K by a minimal number of rewritings to generate 
all vertices in E. Precisely we begin with Hp = Ke; having defined H,, for 
n > 0, either we can choose Y € H, with Y (1) € (Nr)u for some u € (Np)* 
such that EQ u(Npr)tVg # Ø, and we take Hy+1 = (Hn — {Y} UY or if 
such a Y does not exist, we finish with Geng (R, K) = Hn. In Figure 3.21, 
the least approximant of Gen(R,C12) containing E = {C Ap} is depicted, 
where R is taken from Figure 3.20. Note that the hypergraphs Hn given to 
define Gen(R, K) = U„>o| Hn] are approximants: 


Hn = Geng, (R, K) for En = {v € Veen(r,x) | |v] <n +1}. 


The canonical graph of a reduced grammar R of axiom Z is Gen(R) := 
Gen(R, Z). 


4 Generation by distance 


In the previous section, we have considered transformations of grammars 
into equivalent normalized grammars. We now investigate transformations 
to get grammars generating hypergraphs by vertices of increasing distance 
from a given colour, either by accessibility or by non-oriented accessibility. 


4.1 Regularity by restriction 


The regularity of a graph is preserved by restriction to the vertices having 
a given colour. 


Proposition 4.1. The class of regular hypergraphs is closed under restric- 
tion to the vertices having a colour in a given set. 


Proof. Let G # Ø be a regular hypergraph. By Theorem 3.12, G is gen- 
erated by an outside, simple, connected and strongly reduced grammar R 
from its axiom Z. Let P be a colour set. We want to construct a grammar 
generating 

Gp := GlfseG|aceP(csEG)} 
We can restrict P to a unique colour #, otherwise we take a new colour d to 
colour all the vertices of G having a colour in P, then we do the restriction of 


206 D. Caucal 


Ph i? G)» (1)e— 2 h G)» ajag 

Z Se aJa J)e 3 | — c| JA ; | — a 
ie + (2) (2) +-~—- s (2)¢ (2) «-~—- s 
af aÝ Tiy) i 

{ + reduced 

ist ie G)» a) e —> # (1)¢ 

Zg — ‘lara Je 3 Ajg me c Ai $ |= — Ja 
ie o# (2) ° (2)¢ (2) ow o 4# 


a) a) —— # (1)e o# 
a — Ai 3 |- — Ja 
(2) + + (2)¢ ° 


FIGURE 4.1. Grammar transformation for the restriction to colour #. 


G to the vertices coloured by d and we remove this colour. To each A € Nr 
and each I C [o(A)], we associate a new non-terminal A; of arity @(A). For 
each rule (X, H) € R and I C [e(X(1))], we define the hypergraph 


Hy := {Y € H | Y(1) € TrAV1 <i < |Y\(#Y(i) € HV Y (i) € [X,I])} 
U{ByY |BENRABY CHAT={j|1 <j <|YIA 
(#YG) € HV Y(j) € [X, J] }} 


with [X, I] := {X(¢+1) |i € I}. Thus the grammar 
{(ArX, Hr) | Ae NRA (AX, H) E RAT C [o(A)]} 
generates Gy from Zø. Q.E.D. (Proposition 4.1) 


By Propositions 3.13 and 4.1, the regular graphs are closed by restriction 
to a given set of degrees. The construction of the proof of Proposition 4.1 
is illustrated in Figure 4.1. 


4.2 Regularity by graduation 

A graduation g of a hypergraph G is a mapping from Vg into N such that 
only finitely many vertices have the same value by g i.e. g7! is locally 
finite: g7t(n) = {s € Va | g(s) = n} is finite for every n > 0. We shall 
define the regularity of a hypergraph by vertices of increasing graduation. 
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is (1)s a) (1)s a) a 1) 

z a Oe ; pz N ames xy ; = Ts 
X (2) —_. . . 


FIGURE 4.2. Generating the graph of Figure 3.20 by (length —2). 


Precisely for every n > 0, we denote 


Gig.n >= Gifs\g(s)<n} 
-= {X E G| g(X(2)) <nr...Ag(X(X)) < n} 
and OgnG := {s | g(s) < n^ 
AX € G(s € Vx Ast € Vx(g(t) > n))} 
= {s € Va-G,n | 9(8) < n} 


the nth frontier of G by g. This is illustrated by the following diagram: 


G: n 
! 
a, Senne 
Gg,n 
go 


where Gg n contains all edges depicted by a full line and 0,,,G is the set of 
circled vertices; note that 


Veen N Ve-Gy.n © Og nG. 


We say that a hypergraph G is regular by g if there exists a terminal 
outside grammar R such that for every n > 0, R generates from its axiom 
Z by n+ 1 parallel rewritings the hypergraph Gg, n of terminal hyperarcs, 
plus a set of non-terminal hyperarcs of vertex set ôg nG 


Vn > 04H (Z me H ^ [H] = Gg,n A Vay = 3g,nG); 


we also say that R generates G according to g. Observe that if G is con- 
nected and Gg,m # Ø, we have for n > 0, 


Og,m+nG = 9: => Gaman =G. 


When Vg is a language, then word length may be used as a graduation. For 
instance, the canonical graph of Figure 3.20 is regular by length. 


Proposition 4.2. Any canonical hypergraph is regular by length. 
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The graph G = {n “+n+1|n>0}U{n—>w|n> 0} with the 
graduation g(n) = n for n > 0 and g(w) = 0 yields the graph Gé: 


—— - s t 


ye 


0 


0? a Ty E. E E S, 
b Ss 


The graphs GJ for n > 1 are all equal to the following graph: 


a 0 a il a 2 
Sa ee Fed: 


0 
: 
FIGURE 4.3. Graph decomposition. 


Proof. Let R be a grammar. Let us construct a grammar generating Gen(R) 
by length. By Lemma 3.11, we get a terminal outside grammar S' with the 
same canonical hypergraph: Gen(S) = Gen(R). As S is outside, S generates 
Gen(S) by length minus 2. By denoting Z the axiom of S$ and by adding 
two new constant symbols Zo, Z1, we complete S into SU{ (Zo, Z1), (Z1, Z)} 
which generates Gen(S) by length (from Zo). Q.E.D. (Proposition 4.2) 


Proposition 4.2 implies that any regular hypergraph is regular by some 
graduation. A dual way to express the regularity by graduation is by decom- 
position: we remove iteratively on the graph the vertices with graduation 
less than 1,2,..... The decomposition allows to avoid the explicit use of 
grammars. The decomposition at level n > 0 of a hypergraph G by a grad- 
uation g is the following hypergraph: 


GI := (G — Gg n-1) U {max{0, g(s) — n}s | s E Ve_-a, n1t 


obtained from G by removing Gg,n—1 with Gg,—1 = Ø and by colouring any 
remaining vertex s by the integer max{0, g(s) — n} (assuming that G has 
no integer colour otherwise we must use a new integer colour: p’ for each 
p > 0). In particular Gf = GU {g(s)s | s € Va}. We give an example in 
Figure 4.3. 


We say that a hypergraph G is finitely decomposable by a graduation g if 
the disjoint union 


YGS = {X(1)(X(2),n)...(X(X)),n) |n 20A X € G3} 


n>0 
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only has a finite number of non-isomorphic connected components. For in- 
stance the graph G of Figure 4.3 is finitely decomposable by its graduation g 
with only two non isomorphic connected components: G4 and G]. Another 
example is the complete binary tree 


T:= {u = ua | u € {a,b} *} U {u > ub | u € fa, b}*} 


which is finitely decomposable by length: TÌ! and for every n > 1, any 
connected component of Th! is isomorphic to T! l, 

A last example is the semiline N which is regular but is not finitely 
decomposable using the graduation associating to n > 0 the n + 1st prime 
number. By definition the vertices of G9, coloured by 0 are vertices of G 
coloured by some i < n: 


{s | Os € G9} C {s € Va | g(s) < n} 


which is finite. In particular any connected component C of X` „>o G3, has 
a finite set Volo = {s € Vo | 0s € C} of vertices coloured by 0. So any 
hypergraph G finitely decomposable by g is bounded connected by g in the 
following sense: 


e there exists b > 0 such that |Vc,o| < b for every connected component 
C of Sages 


or, equivalently, 


e there exists b > 0 such that |{s € Vo | g(s) < n}| < b for all n > 0 
and for every connected component C of G — Gg,n-1- 


It follows that finite decomposition is a less powerful notion than reg- 
ularity (by some graduation). The regular graph G of Figure 3.17 has no 
finite decomposition because it is not bounded connected by any gradua- 
tion g: the decomposition G9 at any level n has a connected component 
containing all the vertices of infinite (in-)degree. 

The finite decomposition of a hypergraph G by a graduation g also 
imposes that G has finitely many connected components. It is due to the 
fact that G§ has a finite number of non isomorphic connected components, 
and no connected component can be infinitely repeated because g is locally 
finite. 

Any finite decomposition can be done by a grammar generating what 
we remove; the converse is true when the hypergraph is bounded connected 
by the graduation and has only a finite number of connected components. 


Proposition 4.3. Given a graduation g of a hypergraph G, G is finitely de- 
composable by g if and only if G is regular by g and G is bounded connected 
with finitely many connected components. 
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Graph G = {(m,n) “+ (m,n+1) | m,n > 0} 
Graduation g(m,n) =m+n 


Go: 0 1 2 3 


a a a 
—:- >: > ss 


1 a 2 a 3 
—-——_:- --- 


FIGURE 4.4. Graph regular by graduation, bounded connected, but not 
finitely decomposable. 


Proof. =>: Let G be a hypergraph finitely decomposable by a graduation 
g. As already mentioned, G is bounded connected by g and G has only a 
finite number of connected components. It remains to be shown that G is 
regular by g. Recall that for any n > 0, 


GI := (G — Gg,n—1) U {max{0, g(s) — n}s| s E Ve_a, 1} 
with G? = Ø. We define 
G4 := (G — Gan) U {max{0, g(s) — n}s | s € Ve-c,n} 


obtained from G9, by removing the hyperarcs whose vertices are all coloured 
by 0 (only a finite number) and then by removing the isolated vertices 
coloured by 0. Let E be a maximal set of non-isomorphic connected com- 
ponents of {GY | n > 0}. By hypothesis {G¥ | n > 0} has a finite number of 
non-isomorphic connected components, hence F is finite. For each C € E, 
we order the set Vc,o of vertices of C coloured by 0: 


{(C, 1), Bradi (C, |Ve.ol) } a Vovo, 


and we take a new symbol [C] of arity |Vc,o|. Note that for every n > 0, 


g 
Ghat 


= (GY — {cs € G? | ce N}) 
U {max{0,c—1}s | cs € GY AcE N}. 


To each C € E, we associate the hypergraph 


C := (C — NVc) U {max{0,c—1}s|cs EeCAcEN} 


Deterministic graph grammars 211 


which is isomorphic to a connected component of {G9 | n > 0}, and we 
define 
E' := {C"| Ce E}U {G9}. 


For each C € E’, the connected components of 
C-{X €C|Vx CVeoA X(1) EN} 


and not reduced to a vertex coloured by 0, are denoted by C1,...,Cn,. For 
each 1 <i < ng, there is an isomorphism h; from C; to a unique D; E€ E. 
To each C € E’, we associate the hypergraph 


(C) = {X € C | X(1) ENA Vx C Veo} 
U {[DiJhy((Di,1))..-h7\((Di,|Vp,0l)) 11 < i < no}. 


Finally the following outside grammar: 


R= { (Z, (G3))} U {(ICHC, 1) . - . (C, |Vc,ol); (C") | C € E} 
generates G from Z and according to g. 


<=: Assume that G is regular by g, bounded connected by g and has a 
finite number of connected components. We want to show that G is finitely 
decomposable by g. We can assume without loss of generality that G only 
has one connected component,?. e. that G is connected. 

There exists an integer b such that for any connected component C' of 
ye n>o G4, |Ve| < b. Consider an outside grammar R generating G by 
g from its axiom Z. By the transformation of Lemma 3.3 splitting any 
hyperarc into connected hyperarcs, we can assume that R is connected. 
Consider an infinite parallel derivation 


Z => Ho... Hn = Anyi =>... 
R R R 


For every n > 0, we have 
[Hn] = Gon and Vit, —[Hn] = bg nG 
hence 


{s | 0s € G9} = {s € Vaza, nı | 9(s) < n} 
> {s € Va-G,n | g(8) < n} 


thus 


Vi,—[Hn] = 9g.nG = {8 € Va-G,n | 9(8) < n} C {s | Os € G3}. 


n 
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Gradued graph of finite decomposition 


FIGURE 4.5. Grammar for a finitely decomposable graph. 


Then for any n > 0 and any connected component K of H,—[Hn], |VK] < b. 
It follows that {Hn — [Hy] | n > 0} has a finite number of non isomorphic 
connected components, and we take a maximal set Æ of non isomorphic 
connected components. Consequently E is finite and the R” (K) for any 
K € E are, up to isomorphism, the connected components of {G — Gyn | 
n> O}. 

For each K € E, we take K = Ko = ky... Ky = Knit = sao 


derivation generating the hypergraph K’ = Un>ol Kn] which we complete 
by an integer colouring as follows: E 


K := K' U {min{n | s € Vx,,,}8| 5 € Ve} 


So {K | K € E} are up to isomorphism the connected components of 
{G9 | n > 0}. Hence G is finitely decomposable by g. Q.E.D. (Proposition 4.3) 


The transformation of the necessary condition of Proposition 4.3 is illus- 
trated in Figure 4.5. 


4.3 Regularity by accessibility 


A usual problem in graph theory is the accessibility problem. This problem 
consists in computing the set of vertices accessible from a given initial set. 
Here we transform any grammar into another one generating the same graph 
plus a colouring of the vertices accessible from (vertices with) a given colour 
(cf. Proposition 4.4). This grammar transformation is expressed by least 
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FIGURE 4.6. Computation of the vertices accessible from 7. 


fixpoint on the grammar. Finally we give a rooted regular graph of finite 
degree which cannot be generated by accessibility. 

The accessible vertex set Acc(G, i) of a hypergraph G from a colour i is 
the smallest subset of Va containing the set Vg; of vertices coloured by i 
and closed under the following accessibility property: 


fvi.. -Uo(f) E GAo(f)>1A,... »Vo(f)—1 € Acc(G, i) 
= Vof) € Acc(G, i) 


Equivalently Acc(G, i) is the least solution of the following equation: 
Acc(G, i) = Va, U Succe(Acc(G, i)) 
for the following successor relation: 
Succg(E) := {v | FEtuNG # Ø} for any E C Vo. 


So a hyperarc realises an “and” boolean function: we access via a hyperarc 
fvi... Vof) its last vertex vof) if we have accessed all its other vertices 
V1, ...,Uo(f)}—1- A hypergraph G is accessible from a colour i if Acc(G, i) = 
Va. For instance the hypergraph G = {fayz, gry, ha,c} of Figure 2.1 is 
accessible from h: Acc(G,h) = {x,y,z}, but the hypergraph G = {iz, jy} 
is not accessible from a unique colour. 

We say that a vertex r of a hypergraph G is a root if Acc(GU{ir}, i) = Ve 
for i a new colour: i ¢ Fg. Let us mark by a given colour # the accessible 
vertices of any regular hypergraph: we shall transform any grammar R 
generating a hypergraph G into another grammar generating GU {#v | v € 
Acc(G,i)}. This is illustrated in Figure 4.6. The method simply translates 
the least fixed point defining Acc(G, i) to a least fixed point on the grammar 
generating G. 


214 D. Caucal 


Proposition 4.4. The class of regular hypergraphs is effectively closed 
under accessible colouring. 


Proof. Let R be a grammar of axiom Z generating a hypergraph G. For 
colours 1,#, we want to construct a grammar generating G U {#v | v € 
Acc(G,v)}. Let 1,...,0(R) be the vertices of the left hand sides of R: up 
to renaming, we assume that each left hand side X € Dom(R) of R is of 
the form X = X(1)1...o0(X(1)). To each rule Al... 0(A) — Hy in R and 
each I C [e(A)], we associate the set Acc(A, I) of vertices in Vz, which are 
accessible from J and the vertices coloured by z in a(ny) graph of R” (Ha). 
This family of sets Acc(A, T) is the least fixed point of the following recursive 
system: 


Acc(A, I) := IU {v | w € Ha} 
U {v € Vu, | Tr(Ace(A,I))tun Hy 4 Ø} 
U {Y (i) | IB € Na(BY € HaA1<i<|Y|A 
i € Acc(B, {j | Y(j) € Acc(A, I)}))}- 


Precisely we take a linear order on the set 
M :={(A,I)| AE NeAT C [o(A)]} 
and we define 


E:={ [| ParlYAENRYIC JC [o(A)]Par E Pas). 
(A,I)EM 


So E is a complete finite set for the inclusion componentwise whose smallest 
element is @ = (@,...,@). Then we define the mapping f: E — E by 


(r Il Po)) = IU {v| we Ha} 
(B,J)EM AI 


U {vu € Vi, | TRP} Ha # Ø} 
U {Y (i) | IB € Nr(BY € Had 
1<i<|Y|^ie PB {IY GEPA) 


Thus f is monotonous: 
(V(A, I) € M(Pa,r C Qa.r)) = al Il Par) & r( II Qa, 1). 
(ADEM (ADEM 


As E is finite, f is continuous and by the Knaster-Tarski theorem: 


U f”(@) is the least fixed point of f. 
n>0 
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Z — | ; |. — b |» ; |» — S <| 
K (y) + (y) « (y) « (y) « ° 
+4 Œ) (x)"s +4 ) e e# 
40 [az ; [a j e LA | 3 |: — AEE 
# (y) (y) « ° (y) (y) # 


FIGURE 4.7. Colouring from i for the grammar of Figure 4.6. 


So we define for every (A, I) € M, 
Acc(A, I) (U f"(S air 
n>0 


To each (A, I), we associate a new non-terminal A; of arity o(A), and we 
define the following grammar: 


S := {(Ar1...o(A), Ha r)| AE NR ATC [0(A)]} 


where 


Hay := (H4 NTRVĀ,) U {#v | v € Acc(A, I) — [o(A)]} 
U{Bry(yeace(A,n}¥Y | BY € Ha NB E Np}. 
with a restriction to the rules whose non-terminals are accessible from Zg. 


Thus S generates from Zø the hypergraph G U {#v | v € Acc(G,1)}. 
Q.E.D. (Proposition 4.4) 


The construction in the proof of Proposition 4.4 is illustrated in Figure 4.7. 


The colouring by accessibility of a hypergraph G is a particular case 
of regular colouring by a finite hypergraph H whose vertices are colours 
i.e. Vg C F, and is the hypergraph defined as the least fixed point of the 
equation: 


GOH := GU {eg pvp) | Ifv.. -Vap E G afc... cog) € H 
(c10, +--+; Co(f)-1Ve(f)-1 EG Q H)}. 
In particular 
GU {#v | v € Acc(G, i)} 
D ({t#}ULf#...#| f € Fa ^elf) > 1). 
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Let us extend Proposition 4.4 to any regular colouring. 


Proposition 4.5. The class of regular hypergraphs is effectively closed 
under regular colouring. 


Proof. We adapt the proof of Proposition 4.4. Let H be a finite hypergraph 
with Vy C Fi. Let R be a grammar of axiom Z generating a hypergraph 
G. We assume that the rule associated to any A € Np is of the form: 


Al...0(A) — Ha. 


To each A € Np and I C Vy[o(A)], we associate the terminal hypergraph 
Acc(A, J) such that the family of these hypergraphs is the least fixed point 
of the following recursive system: 


Acc(A, I) := IU [Ha] U (Acc(A, I) 8 H) 
U {cY (i) | 3B € Nr(BY € Ha A1<i<|Y|A 
ci € Acc(B, {dj | dY (j) € Acc(A, I)}))}- 


To each (A, I), we associate a new non-terminal A; of arity 0(A), and we 
define the following grammar: 


S := {(Ar1...o(A), Har) | AE NRA^AIC Vglol(A))} 


where 


H41 := (Acc(A, I) — Va [el A)]) 
U {Biajjay (i eacea,n}Y | BY € Ha A BE Np}. 


Thus S generates from Zø the hypergraph GQ H. Q.E.D. (Proposition 4.5) 


We now consider the generation by accessibility. Taking any hypergraph 
G (whose vertices are) accessible from a given colour i, we map each vertex s 
to the minimum path length g(s) to access s from i; precisely and inductively 


g~ (0) = Vai 
g* (n+ 1) = Succe(g™ (< n)) -g+ (< n) 


where g-!(< n) := g71(0) U... U g7*(n). For instance the graph of Fig- 
ure 3.20 is regular by accessibility as shown in Figure 4.8. 

Note that any hypergraph which is regular by accessibility is of finite 
out-degree and has a finite number of vertices coloured by the initial colour. 
In Figure 4.9, we give a regular graph of finite degree, accessible from a 
colour, and which is not regular by accessibility from this colour. 
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(1) e my (1)¢ O +> 
Bop wage ; a —— INEZ f [2 — yy” 
2 


(2) 


FIGURE 4.8. Generating the graph of Figure 3.20 by accessibility from 7. 


i e ——pe ——> oe ——_ > oe —__ > oe —_ > —_ > 


ae ae a 


FIGURE 4.9. Regular graph not regular by accessibility from i. 


4.4 Regularity by distance 


Another usual graduation is the distance from a given vertex set E: 


da(s, E) := min{dg(s,t) | t € E} 
where da(s, t) := min({n | s TA tU {w}). 


For instance the regular graph of Figure 2.7 remains regular by distance 
from the vertices coloured by 1 or 2 using outside grammar of Figure 4.10. 
We denote by da(s,i) := da(s, Vegi) the distance in a hypergraph G of a 
vertex s to the set of vertices coloured by 7. Note that the nth frontier of 
G by distance from i satisfies 


Og nG = {s E Ve-Gan | d(s, 1) = n}. 


We say that G is finitely connected by i if there is only a finite number of 
vertices coloured by 2, and from which all vertices are connected: Vg, is 
finite and d(s,i) < w for any s € Va. Any grammar generating a hypergraph 
G of finite degree and finitely connected from a colour 7, can be transformed 
in an effective way into a grammar generating G by distance from i. Such 
a graph G is also bounded connected by distance. 


Theorem 4.6. Any finitely connected regular hypergraph of finite degree 
is finitely decomposable by distance. 


Proof. In part (i), we introduce the notion of frontier and of interface that 
allow to uniquely characterize any subset of hyperarcs in a hypergraph. 
Taking a regular hypergraph G finitely connected and of finite degree, we 
construct in part (ii) the canonical grammar generating G by distance. Part 
(iii) shows that this canonical grammar is indeed finite. Using (i)—(iii), we 
got that G is regular by distance. In (iv), we show that G is bounded 
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1 a 
: (x) (x) «—ts. 
zZ — |. 9 |. — B 
. (y) s (vy) s 
2 
(x) * (x) sie (x) (x) + —Ses 
a ES o 3 o Jo — v) — 
(y) (y) Ee e (z) (2) s 
(x) « Gjani (x) (x) EELA 
Sy | A 
D — F 9 E — d G 
a 
o) o) let] con o) T 
(x) (x)  —— (x) Gamen 
A 
(y) 4. — (vy) + 5 &) Jo — y) — 
E 
(z) o (z) e] (2) (z) a] 


FIGURE 4.10. Grammar generating the graph of Figure 2.7 by distance. 


connected by distance, and hence using Proposition 4.3, we deduce that G 
is finitely decomposable by distance. 


(i) Let G be any hypergraph. Consider any sub-hypergraph H C G such 
that for any connected component C of G, H N C #C. Such a hypergraph 
H is characterized by its frontier: 


Fro(A) := Va N Va-H 
and by its interface: 


Ing(A) := {X € H | Vx N Fre(H) 4 Ø} 
={X € H | Vx N Ve- £ Ø}; 


in particular Fre(H) C Ving(m)- The charaterization of H by Fre(H) and 
Ing(H) follows by this equality: 


H = G(Ing(H), Fre(A)) 


where for any K C G and any P C Vg, the hypergraph G(K, P) is the least 
fixed point of the following equation: 


G(K,P)=KU{X €G| Vx N Vex, FONVKX NP = Ø}. 


(ii) Let R be a grammar generating a finite degree hypergraph G finitely 
connected by a colour 4. We want to show that G is regular by distance d 
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from t: 
d(s) := d(s,t) for any vertex s of G. 


By Theorem 3.12, we can assume that R is complete outside and connected. 
Up to a label renaming with adding rules, we assume that each right hand 
side has no two non-terminal hyperarcs with the same label, and we denote 
by Vpr the set of non input vertices of the right hand sides of R: 


Vr = (J{Va - Vx | (X, H) € R}. 


Let Z = Ho = Hı... Hn = Anji = ... be the derivation generating 


Gen(R): U,>olnl = Gen(R). As the set Va, of vertices of G coloured 
by v is finite, we denote by m the minimal derivation length to get all the 
vertices of G coloured by «: 


m := min{n | Vp > n((Hp — Hn) N Vp, = @)}. 


As G is of finite degree and R is degree-outside, each rule of R has no output 
which is an input, hence 


Gen(R)an C [Hm+n] for every n > 0. 
For every n > 0, we get 
a,n Gen(R) = {8 © Vi, 4n—Gen(R)an | U(s) = n}. 
For every n > 0, we denote by {Pn1,..-, Pr.r, } the partition of Og Gen(R) 
into connected vertices of Gen(R) — Gen(R)a,n i. e. of Hmin — Gen(R)an, 


and for every 1 < i < Tn, 


Kni = {X E Gen(R) => Gen(R)an | Vx A Pira Æ D} 
= {X E [Hm+n+1] = Gen(R)a,n | Vx Q Pag Æ D}. 


Thus for every n > 0, 
Gen(R) — Gen(R)a,n = |] Gen(R)(Kn,i, Pai) 
i=1 


The left residual of C C Gen(R) by u € Np is 


u*C := { fui.. -ueg | fluu)... (ung py) € C} 


and pc is the greatest common prefix in Ný of the vertices of C. We 
take a linear ordering < on Npr U Vp that we extend on NRVr by length 
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lexicographic order. For any n > 0 and 1 <i < rn, we define prj := PKn 
and we define the hyperarc 


Ani = Wy, Kni Pn iPni)s1 -Sq 


with {s1,...,5¢} = Pr, and sı >... > sq; note that the label is a pair of 
a finite graph with a vertex subset. We define the grammar S := Un >o Sn 
with 7 


So := {(Z, Gen(R)ao U {Xo1,---,; Xo,ro})} 


and, for all n > 0, Sn+1 := Sn UT where T contains all pairs 
(Xni, Kn i US Xnsas | Patis N Vena FB) 


with 1 < i < rn ^A Xn i(1) ¢ Ng,. The finiteness of S is shown in (iii). For 
any n > 0 and1<i<r,, S generates from Xn, and by distance from 4 
the connected component of Gen(R) — Gen(R)a,n containing P,,;. Thus S 
generates from Z the hypergraph Gen(R) by distance from v. 


(iii) Let us show that S' is finite. This is obtained by giving a bound b 
such that dgencry(s,t) < b for any n > 0, any connected component C of 
Gen(R) — Gen(R)an and any s,t € Vo N a,n Gen(R). It is sufficient to 
extract such a bound for any n > no with no the smallest integer such that 
Gen(R)a,no 2 [Hm]. As R is a connected grammar, we take the following 
integer: 

c := max{dpe(7)(s,t) | H € Im(R) A s,t € Va}. 


Let n > no. Let C be a connected component of Gen( R) — Gen(R)a,n and 
let s,t € Vo with d(s) = n = d(t). We take a vertex z of C of minimal 
length. As z € Vo, we have d(z) > n. By definition of Gen(R), z = wr for 
w € Np and r a vertex of a right hand side of R. 

Consider an undirected path of minimal length from s (resp. t) to 4; 
such a path goes through a vertex « = wp (resp. y = wq) for some vertex 
p (resp. q) of a right hand side of R. Hence 


d(x,y) < c, d(x,z) < c d(y,z) <e 
for distances on Gen(R). Thus 
d(s,x) + d(x) = d(s) < d(z) < d(z, x) + d(x) < c+ d(x) 
so d(s,x) < c. Similarly d(t, y) < c. Finally 


d(s,t) < d(s,x) + d(x,y) + d(y,t) < 3c. 


Deterministic graph grammars 221 


Finally b = 3c fits (for any n > no). 


(iv) By Proposition 4.3, it remains to verify that G is bounded connected 
by d. Let C be a connected component of Ces for some n > 0. So 
C’ := C — NVo is a connected component of G — Ga» with 


Vo.o = Væ N bd nG. 


By (iii) we get da(s, t) < b for any s,t € Vc,o. As G is of finite degree, let D 
be the maximum degree of its vertices. Thus for any connected component 
C of $>; G4, we have 


Vere] < D? + D! +... + D’ 
meaning that G is bounded connected by d. Q.E.D. (Theorem 4.6) 


The generation by distance is illustrated in Figure 4.11 with x > y and 
p > qand 


= ({p = Ax, Ay > q}, {p, ah) 


C= ( 

D = ({r => Ba,r > s}, {r}) 

E= ({z — Ar, Ay aes y}, {x, y}) 

F = ({Ba — BAr, Br + By, By > s},{Bz, s}) 
G = ({Ar 4 AAz, Ar — Ay, Ay > y}, {Ax, y}). 


5 Graph grammars and pushdown automata 


A pushdown automaton is a particular case of a labelled word rewriting 
system whose rules are only applied by suffix. Pushdown automata even 
in a weak form and the rewriting systems define the same graphs by suf- 
fix rewriting, which are exactly the regular graphs of bounded degree (cf. 
Theorem 5.11). 


5.1 Suffix transition graphs 


A labelled word rewriting system is just a finite uncoloured graph whose ver- 
tices are words. Its set of unlabelled suffix transitions is the suffix rewriting 
relation, whose transitive closure is a rational relation (cf. Proposition 5.2). 
Its set of labelled suffix transitions is called a suffix graph. Any regular 
restriction of this graph is regular by length (cf. Theorem 5.6). Conversely 
any regular graph of finite degree is a regular restriction of a suffix graph 
(cf. Theorem 5.8). 
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Taking grammar R of Figure 4.1 


(P) (x) (x) 45 


is H is (1)« (1) «+ —*s. # (1) (1) «-—S». 
it : (2) $ (2) o-<—$ (2)¢ (2) s—— s 
(af F By) Bi 


its canonical graph Gen(R) is 


(Zp) a (ZAx) „ (ZAAx), (ZAAAx) (Zr) a (ZBx) , (ZBAx), (ZBAAx) 
ie —> ee —— s —_ > e ie ——> s ——> s ——— 
# # 
| ‘| | [e | | | sea 
i ea sa saie’ e e e i’‘l 
#(Zq) © (ZAy)b (ZAAy) (ZAAAy) #(Zs) b HZBy) > (ZBAy)> (ZBAAy) 


The construction of Theorem 4.6 gives the grammar: 


(Zp) a (ZAx) a (ZAAx) 
ie # (Zp) (Zp) e ==>; #  (ZAx)o (ZAx) e — =>. # 
2, = ale ford ; le o J ; n = e|)” 
Zr 
itt (25 (Za) ¢ (Zq) «-<——_ (ZAy)e¢ (ZAy) ——€¢ 
(Zza) b (ZAy) b (ZAAy) 
a (ZBx) a (ZBAx) a (ZBAAx) 
(Zr) , — (ZBx)¢ (ZBx)+——e # (ZBAx)} (ZBAx) ——ee # 
A ESA Pa ; FE = € i ; |e ==> < |e 
(Zs) oy (Zs) (Zs) (ZBy) (ZBy )+<—'s 
( b (ZBAy) 


FIGURE 4.11. Generation by distance. 


We fix a countable set T of symbols, called terminals. A labelled word 
rewriting system S is a finite subset of N* x T x N* where N is an arbitrary 
alphabet of non-terminals; we write u aah v for (u,a,v) E€ S, and define 


Dom(S) := {u | da € T Ww € N*(u > v)} its left hand sides, 
Im(S) := {v | Ja € T Ju € N* (u > v)} its right hand sides, 
Ws := Dom(S) U Im(S) the words of S, 

Ng := {u(t) |wue Ws Al <i < ful} its non-terminals, 

Ts := {a E T | Ju, v € N* (u si v)} its terminals. 


Rewritings in a rewriting system are generally defined as applications of 
rewriting rules in every context. We are only concerned with suffix rewriting. 
Given a rewriting system S and a terminal a € Tg, we call labelled suffix 
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a 
rewriting — the binary relation on N% defined by 
S 
a a e 
wu —4 wv for any u —> v and w € Ng. 
S 


Example 5.1. Consider the rewriting system S = {€ —. ab, bab > ab}. 
We have 


1 2 2 1 2 
bb — bbab — bab — ab — abab — aab... 

S S S S S 
For any rewriting system S, the unlabelled suffix rewriting is 


— := U 5, = {wu — w |u = v^ w € Ni} 
3 a€Ts 3 


and its reflexive and transitive closure (by composition) —>* is the suffix 
s 


derivation. In Example 5.1, we have bb is bb and bb at ab. We denote 
by 


the transitive closure of —. A well-known property is that the set of words 
S 


deriving by suffix from a given word is a regular language, and a finite au- 
tomaton accepting it is effectively constructible [2]. This property remains 
true starting from any regular set of words. More generally, the suffix deriva- 
tion is itself a rational relation: it can be recognized by a transducer 7. e. a 
finite automaton labelled by pairs of words. 


Proposition 5.2 (Caucal, [4]). The suffix derivation of any word rewriting 
system is effectively a rational relation. 


Proof. We give here a construction improved by Carayol. 


(i) Let N be any alphabet. For any P C N* and for any word u € N*, we 
denote by u | P the set of irreducible words obtained from u by derivation 
according to P x {e}: 


ul P:={v|u — *v, -> }. 


Px{e} Px{e} 


We extend by union | P to any language L C N*: 


L|P:=|J{ul P| we ZL}. 
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A standard result due to Benois [1] is that for P regular, the operation | P 
preserves regularity: 


L, P € Rat(N*) => L | P € Rat(N"). 


Precisely, we have 
L| P= — *(L)—N*PN* 
Px{e} 
It remains to show that the image —>» * (L) of L by the derivation —» * 
Px{e} Px{e} 

is regular. This property is true even if P is not regular. Precisely and for 
L regular, there is a finite automaton A C Q x N x Q recognizing L from 
an initial state i € Q to a subset F C Q of final states: L(A, i, F) = L. By 
adding iteratively ¢-transitions between states linked by a path labelled in 
P, we complete A into an automaton B which is the least fixpoint of the 
following equation: 


B = AU {p -> q | due P(p = q)}. 


Note that we can refine B by saturating A with only elementary ¢-transi- 
tions: 


B= AU{p—> q|p#q^Ja € PAN(p—> 0)} 


U {p > q | p # q ^ aub € P(a,b € N Ap >=> q)}. 


So L(B,i, F) a (L). 

(ii) We denote Ns by N and to each letter x € N, we associate a new 
symbol 7 ¢ N with 7 Æ 7 for x # y. Let N := {T | x € N}. We extend 
the operation — by morphism to all words u = z1 ... £n i. €. U = TI... Tn. 
Recall that the mirror u of any word u = z1 .. . £n is the word Ù = £n . . . £1. 
The following set is regular: 


Kav | Ja(u Ta v)}*) | {aE | x EN} nN’ N* 


meaning that we can apply by suffix a rule (u,v) by producing on the right 
v after having removed u on the right (using | {xT | x € N}). This set can 
be written as a finite union U,.; UiV; where U;, V; € Rat(N*) for all i € J. 
Taking the following relation: 


ie] 


3 := |]U: x Vi 
tel 
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it is easy to verify that the suffix derivation according to S' is the suffix 
rewriting according to S: 


It follows that —* is an effective rational relation. In particular starting 
5 
from I € Rat(N*), we have 
—* (D =— (I) = Im(— NI x N*) € Rat(N*) 
S Ss S 
Q.E.D. (Proposition 5.2) 


Taking the system S = {e =n ab, bab = ab} of Example 5.1, the 
construction of Proposition 5.2 gives the following finite automaton where 
the dashed arrows are ¢-transitions: 


which gives the suffix derivation of S: 
—a"= {e} x (atb)* U bt ab x (atb)* Ubt x (atb)*. 
s 
To any rewriting system S, we associate its suffix graph: 
Suf (S) := {wu => wv | u EU vAwe NZ} = N3.S 


which is the set of its suffix transitions. For instance the suffix graph of 
{aS e,z 2, xt} is the regular graph of Figure 2.8. The suffix graph of 
{a e,n Ez zzyz,y = e,z £, E} restricted to the set (z + zay)*(e+ 
x) of its vertices accessible from x is the graph of Figure 2.9. The suffix 
transition graphs of word rewriting systems have bounded degree. 


Lemma 5.3. The suffix graph of any rewriting system has bounded degree, 
and has a finite number of non isomorphic connected components. 


Proof. Let S be any labelled word rewriting system. 


(i) Let us verify that Suff(S) = N.S has bounded degree. Let w be any 
vertex of this graph. As we can at most apply all the rules of S, the out- 
degree of w is bounded by the number of rules: dt(w) < |S|. Note that the 
inverse of Ng.S is the suffix graph of the inverse of S: 


(N3.S)* = N37}, 
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so the in-degree of w is its out-degree for Ng.S~', hence 
d= (w) < |S~*| = |S]. 
Finally the degree of w satisfies: d(w) = d+ (w) +d7(w) < 2|S]. 


(ii) We show that Ng.S has a finite number of non isomorphic connected 
components. Let H be any connected component of N.S. Let w € Ng 
such that 

w.Ws N Vy # Ø and of length |w| minimal. 


Such a word w is unique because it is prefix of all the vertices of H: by 

definition of w, there is u € Wg such that wu € Vy; by induction on the 

length of any derivation wu as ‘i v, w is prefix of v. By removing this 
a 


common prefix to the vertices of H, we obtain the graph 
w AH := {u = v | wu r wu} 
which is isomorphic to H and has a vertex in Wg which is finite. So 


the set of connected components of Suff(.S) is finite up to isomorphism. 
Q.E.D. (Lemma 5.3) 


By Proposition 3.4, the second property of Lemma 5.3 is a particular case 
of the fact that any suffix graph is regular. 


Proposition 5.4. The suffix graph of any rewriting system can be gener- 
ated by a one-rule graph grammar from its left hand side. 


Proof. Let S be any labelled word rewriting system. Let 
E := {y | 3x 4 e(xy € Ws)} 


be the set of strict suffixes of the words of S. We take a label Y of arity 
n = |E| and let {e1,...,en} = E. We define the grammar R restricted to 
the following rule: 


Ye....€, — SU {Y (ze1)... (xen) | z E Ng}. 


So N%.S is generated by R from its left hand side: N.S € R” (Ye1... en). 
Q.E.D. (Proposition 5.4) 


Taking the system S = {e aS ab, bab as ab} of Example 5.1 and by 
applying the construction of Proposition 5.4, we get the one-rule grammar 
shown in Figure 5.1 generating the suffix graph of S. The regularity of any 
suffix graph is preserved by any regular restriction. 


Corollary 5.5. Any regular restriction of a suffix graph is a regular graph. 
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e (aab) 


(ab) è (ab) S (a) 


2 


Y. 
(b) o ÆA * (bb) 


x 
(e) J — í) + * (bab) 
(b) « 


FIGURE 5.1. Generating the suffix graph of the system of Example 5.1. 


Proof. Let S be any labelled word rewriting system and let P € Rat(N) be 
any regular language. We want to show that Suff(S))p is a regular graph. 
We can assume that each non-terminal of S' is not a terminal and is an edge 
label: Ng C Fə — Ts. We complete S into the following word rewriting 
system: 

S := SU {e > x |x E Ng}. 


It follows that 
Suf (S) = Suf (S) U {u “> uz | u € Ng Az € Ns}. 


As P is regular, there exists a finite graph H labelled in Ns which recog- 
nizes P from an initial vertex i to a vertex subset F: L(H,i, F) = P. We 
can assume that the vertices of H are vertex colours: Vy C Fi. By Propo- 


sition 5.4, Suff(S) is a regular graph. We take a new colour ų¿ € Fi — Vy. 
By Proposition 4.5, the graph 


G := Suff (S) U ({ve} @ (H U {úi })) 
remains regular. By removing in G the arcs labelled in Ng, we get the graph 
G := G — Va x Ns x Va 


which is regular (it suffices to remove the arcs labelled in Ng in the grammar 
generating G). By Proposition 4.1, the restriction of G” to the vertices 
coloured in F is again a regular graph G”. By removing all vertex colours 
from G”, we get Suff(S)|p which is regular. Q.E.D. (Corollary 5.5) 


Theorem 5.6. Any regular restriction of a suffix graph is regular by length. 


Proof. We begin as in Corollary 5.5. Let S be any labelled word rewriting 
system and let P € Rat(Vg) be any regular language. We want to show 
that Suff(S)|p is regular by vertex length. We can assume that each non- 
terminal of S is not a terminal and is a label colour: Ns C Fi — Ts, we 
complete S into the following word rewriting system: 


S := SU {e 5 «| a € Ns}, and get 
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Suff (S) = Suf (S) U {u = uz | ue NE A z € Ns}. 
In particular Vout) = Ng and we define 
m := max{|ul | u €E W5}. 


As P is regular, there is a finite complete graph H labelled in Ng which 
recognizes P from an initial vertex ų to a vertex subset F: L(H,., F) = P. 
We can assume that the vertices of H are vertex colours: Vy C Fi. We 
define 

A(P):= {cul ue PAt=>c} for any P C Né. 


(i) Let us show that Suff (5) U H(.N%) is regular by length. For any n > 0, 
we define 


Sn i= {2x > zy | x -= yAmin{|za|, |zyl} < n < max{|zal, |zyl}} 
S 


in such a way that 
Suff(S) — Suff (S) In = Suf (Sn). 
For every n > 0, we get 
ô| jn Suff(S) = {u € NŠ. (Dom(Sn )UIm(S. N) | |u| < n} 


and we can compute {Pn1,..-,Pn,r,} the partition of ô |n Suff(S) into 
connected vertices of Suff (5) — Suf (S) |n, and for every 1 <i < fn, 


Kni := {u 3 ae ; v | {u,v} A Pri £ ØA max{|ul, |u|} =n + 1}. 


Thus with the notation (i) of the proof of Theorem 4.6, we have for every 
n > 0, 


Suff (S) — Suff (S B) n = Ú SE) Kni, Pri). 


We take a linear ordering < on Ng that we extend on Nš by length- 
lexicographic order. For any n > 0 and 1 < ¿i < rn, we take 


Pn i = min{|u] —m | u € Pri A lul > m} 
which is a common prefix of the words in P,,;, and we define the hyperarc 


Xn i= pH Ps i)S1-- -Sq with {s1,...,sg} = Py, and sı <... < sq; note 
that the label is a finite set of coloured vertices. We define the grammar 
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ie, fæ ie, fæ x, ix? 
m fic} ; {ie} { Pa } : { af } (fe, } 
(x) (x) (x) 
{ fe, iv} {ix?, fr} { fa, ix3} { fa, ix} (xxx) 
. — (x)+ ; . . ; . 
(x) 4 (xxx) (xxx) (xxx) : 
(xxx) ${ix?, fa} (xxxxx) $ {ix?, fa} 


FIGURE 5.2. Generation by length of a regular restriction of a suffix graph. 


R := Un>o Rn with Ro := {(Z, (S A {e} x Ts x {e}) U {te, Xo,1}} and, for 
all n > 0, Rn+1 := Rn U S where S contains all pairs 


(Xni Kni U H (Vk, = Pai) U Clearer, | Pa+1,j N Vieni # @}) 


with 1 < i < rn A Xn i(1) € Nr,. The finiteness of R is shown in (ii). 

For any n > 0 and any 1 <i < rn, R generates from Xn, and by vertex 
length, the connected component of (Suff (S) — Suff($)) jn) UH ({u € Nå | 
|u| > n}) containing P,;. Thus R generates from axiom Z the graph 
Suf (S) U H(N3) by vertex length. 

(ii) Let us show that R is finite. It is sufficient to show that {p71 Pn.i | 
n>OA1 <i < rp} is finite. Let n > 0 and 1 <i < rn. We show 
that any word in eee: has length at most 2m. Let u,v € Pri. We 


have jul < n. There exist z € Nš anda —> , y with v = zx and 


nUSn 
|zy| > n. Hence |u| — |v] = |u| — |zy| < n-—(n—|y|) = |y] < m. Assume 
now that v is of minimal length. Either |v] < m, so pr, = € and thus 
lpn zul = |u| < m+ |v] < 2m. Or w| > m, then v = wa for some w 
and |z| = m. Thus pn; = w and lpn zul — |z| = |u| — v| < m hence 


[priu] < m+ |e] = 2m. 


(iii) It remains to end as in the proof of Corollary 5.5. We remove in R 
the arcs labelled in Ns and by Proposition 4.1, we restrict to the vertices 
coloured by F. Then we remove the colours and apply Lemma 3.2 to get a 
grammar generating Suf (S)iz by length. Q.E.D. (Theorem 5.6) 


Starting with the system S = {e > xx} and the language L = «(ax)* 
recognized by the complete automaton {i —— f, f > i} from i to f, the 
construction of Theorem 5.6 yields the grammar shown in Figure 5.2, which 
generates Suff(S)); = {1t + 1?"*3 | n > 0} by length. 

In Subsection 3.5, we have associated to any grammar R a representant 
Gen(R) of its set of generated graphs. Any vertex of Gen(R) is the word 
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of the non-terminals used to get it. This allows us to express Gen(R) as a 
suffix graph when it is of bounded degree. 


Lemma 5.7. Any grammar R generating a bounded degree uncoloured 
graph, can be transformed into a word rewriting system S' such that any 
connected component (resp. any accessible subgraph) of Gen(R) is a con- 
nected component (resp. accessible subgraph) of Suf (S). 


Proof. To define Gen(R) simply, we assume that each right hand side has 
no two non-terminal hyperarcs with the same label. We assume that the 
rule of any A € Np is of the form: Al...0(A) —> Ha. We write Vp the 
set of non input vertices of the right hand sides of R: 

Ve =| J{Vir, — [0(A)] | A € Na}. 


To each A € Np, let S4 be a graph of vertex set Vs, C NVR U [o(A)] 
labelled in Tr such that the family of graphs S4 is the least fixed point of 
the following equations: 


Sa = A- ([Ha]ULJ{SB[Y (1), ---, ¥(o(B))] | BY € H4 AB € Np}) 


where for any A € Np, for any graph G of vertex set Vs, C NVR U [e(A)] 
labelled in Tg and for any a1,...,@o(4) E Vr U [o(R)], the substitution 
G[ai,..-,@ )] is the graph obtained from G by replacing in its vertices 
each i € [o(A)] by aj: 

Glar,- s4g¢ay] = {ular s4g¢4y] -5 vlan, -saora lu -5 o} 
with 


uļar,..., ao 


E p if u =i € [o(A)] 
(Ay) = 


u otherwise; 
and where the addition A - G is defined by 
A-G:={A-(u— v) |u -> v} 


and with A- (u —= v) defined by 


u =v if u,v € [o(A)] V u,v ¢ [o(A)] U VR 
Au =v if u ¢ [o(A)] Av € [o(A)] 
u—> Av if u € [o(A)] Av € [o(A)] 


Au = Av ifu,v ¢ [o(A)] A(u € Va Vu € Va). 
The system S = Sz is suitable, for Z the axiom of R: 


(wu — wwv)}. 


Gen(R) 


Sz = {u = v | minf{lul, u|} = 243 


€ 


Q.E.D. (Lemma 5.7) 
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Taking the grammar of Figure 3.20, the construction of Lemma 5.7 yields 


Sz = Z - (Sals, t]) 


Sa =A- ({1 = 2,p > 2} U Spf, p) 
Ss = B- ({1 = 2,4 5 2} U Sell, qd) 
So =C- ({1 = 2,1 = r} U Sylr, 2]) 


hence 
Sz = {Zs = Zt, Zs + ZAp, Zs = ZABq, Zs = ZABCr} 
U{ZAp —+ Zt, ABq -> Ap, BCr + Bq, BCAp —> Bq} 
U {Cr = CAp, CBq > Cp, Cr + CABq, Cr “+ CABCr} 


Corollary 5.5 (or Theorem 5.6) and Lemma 5.7 imply the equality be- 
tween the classes of suffix graphs and uncoloured regular graphs of bounded 
degree. 


Theorem 5.8. Considering the suffix graphs of labelled word rewriting 
systems, their connected components are the connected regular graphs of 
bounded degree, their accessible subgraphs are the rooted regular graphs of 
bounded degree, their regular restrictions are the regular graphs of bounded 
degree. 


Proof. (i) Let S be any word rewriting system. Let v be any vertex of 

Suff(S) i.e. v € N§(Dom(S) UIm(S)). By Proposition 5.2, the set of 

vertices accessible from v is the regular language aa. (v), and the vertex set 
S 


of the connected component of Suf (S) containing v is the regular language 


— (v). By Corollary 5.5, any regular restriction (resp. any accessible 
SUS! 
subgraph, any connected component) of Suff(S) is an uncoloured (resp. 


rooted, connected) regular graph of bounded degree. 


(ii) Let R be any grammar generating an uncoloured graph of bounded de- 
gree. Let S be the word rewriting system constructed from R by Lemma 5.7. 
In 5.1, we have seen that Gen(R) has a regular vertex set. By Lemma 5.7, 


Gen(R) = Suf (S) voeni) 


hence Gen(R) is a regular restriction of a suffix graph. Furthermore by 
Lemma 5.7, if Gen(R) is connected (resp. rooted) then it is a connected 
component (resp. accessible subgraph) of Suff(S). Q.E.D. (Theorem 5.8) 


We now restrict as much as possible the word rewriting systems to define 
the same suffix graphs. 
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5.2 Weak pushdown automata 


A (real-time) pushdown automaton S' over the alphabet T of terminals is 
a particular word rewriting system: S is a finite subset of PQ x T x P*Q 
where P, Q are disjoint alphabets of respectively stack letters and states; we 
denote by 


Ps := {u(t) | 1 <i < lu] Ad¢€ Qluq E€ Ws)} the stack letters, 
Qs := {q | du € P*, uq E Ws} the states of S. 


A configuration of S is a word in P.Qs: a stack word followed by a state. 
The transition graph of S is the set of its transitions restricted to its con- 
figurations: 


Tr(S) = {wu > wo | u -> v A w E€ P3} = P3.S 


It is also the suffix graph of S restricted to its configurations. 

Note that a pushdown automaton is essentially a labelled word rewriting 
system whose left hand sides are of length 2 and such that the rules are only 
applied by suffix. A symmetrical way to normalize both sides of the rules 
of a rewriting system is given by a weak pushdown automaton S' which is a 
finite set of rules of the form: 


p — qor p—> 2q or sp — q with x P pqEQ, aET 


where P and Q are disjoint alphabets of stack letters and states; we also 
write Ps and Qs for respectively the stack letters and the states (appearing 
in the rules) of S. The transition graph of S is also the set of its (suf- 
fix) transitions restricted to its configurations: Tr(S) := P.S. We define 
the same suffix graphs by normalizing labelled word rewriting systems as 
pushdown automata or weak pushdown automata. 


Theorem 5.9. The suffix graphs of labelled word rewriting systems, the 
transition graphs of pushdown automata, and the transition graphs of weak 
pushdown automata, have up to isomorphism the same connected compo- 
nents, the same accessible subgraphs and the same regular restrictions. 


Proof. (i) Let S be any weak pushdown automaton. Let us construct a 
pushdown automaton S$ simulating S: the connected components (resp. ac- 
cessible subgraphs, regular restrictions) of Tr( S) are connected components 


(resp. accessible subgraphs, regular restrictions) of Tr(.S). We take a new 
symbol | and we define the pushdown automaton: 


S := {yp > yzq | p -> zq ^y E Ns U{L}} 
U {yp > ya | p -> 4^y E€ Ns U{L}} 


U {ap > q| zp — gh. 
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Weak pushdown automaton: 


p-> xp p' -> yp 
p—q pP — d 
rq >q yd — q 


Transition graph: 


(up) a (uxp) a (uxxp)a (uxxxp) 
er —— 9 —* 

'| | | | aes 
Gaia ig ee gael 

(ua) (uxq) (uxxq) (uxxxq) 
(vp’)a (vyp’)a (vyyp’h (vyyyp’) 

e ae iei o ——___>e 

'| | | ae 
ee a ee 

(vq’) (vyg) (vyya’)  (vyyya’) 

| for any u € {z,y}*yU {e} 


I 
, for any v € {x,y}*rU {e} 


FIGURE 5.3. The transition graph of a weak pushdown automaton. 


Thus Pz = Ps U {L} and Q5 = Qs. Furthermore 


u = v4 Lu — Lv for any u,v € P2.Qs. 
Tr(S) Tr(S) i ss 


It follows that for any L € Rat((Ps U Qs)*) N Pg.Qs written by abuse of 
notation as Rat(P3.Qs), 


Tr(S)i, = Tr($)ji 7 


and for any vertex v of Tr(S) i.e. v € Pg.Ws, the connected component 
(resp. accessible subgraph) of Tr($) containing v (resp. from v) is the 


connected component (resp. accessible subgraph) of Tr(S) containing (resp. 
from) Lv. 


(ii) Let S be any pushdown automaton. Thus S is simulated by itself as a 
rewriting system over Ps U Qs because 


Tr(S)), = Suff(S)), for any L € Rat(P3.Qs) 


and for any v € P&.Wg, the connected component (resp. accessible sub- 
graph) of Tr(S) containing v (resp. from v) is the connected component 
(resp. accessible subgraph) of Suff(.S) containing (resp. from) v. 
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(iii) Let S be any labelled word rewriting system. We want to simulate 
S by a weak pushdown automaton 9. Let m be the greatest length of the 
words of S: 

m := max{|u| | u € Ws}. 


As in (i), we take a new symbol L to mark on the left the words over Ng. 
Any word in LN% is decomposed from left to right into m blocks (the last 
block being of length < m): 


EP EP EQ 
by using the two bijections: i from Ng’ U yess to a new alphabet P and 
j from {Lw | we N4 A^ |w| < 2m}U {w € NE | m < |w| < 2m} to a new 
alphabet Q, and according to the injection k defined from Ng U LN% into 
P*.Q by 

E ifu=e 

k(u) := 4 j(u) if u € Dom(j) 

i(w)k(v) if u= wv € Dom(j) A |w] = m. 

For every n > 0, we denote by f(n) := [4] the (minimal) number of blocs 


of length m necessary to contain n letters. By applying (by suffix) any rule 
of S, we can add or delete at most m letters, hence 


[ful — fvl] < 1 for any u Ea v. 


We define the weak pushdown automaton S := S ug” with 
F := {k(Lwu)  k(Lwv) | u 3 vAwe NEA f(Lwu) + f(Lwv) <5} 


all 


S = {k(wu) + k(wv) | u <> v^ w E N$ A4 < f(wu) + f(wr) < 5} 


We illustrate below the different types of rules for F: 


a 


twuj Lwv ys 
P X q 
etu e eoo = A Y ' 
P q4 
twa YLL! et lw 1 v ' 
P X q 
tlw | u a to! ' Lw i 1 v a 1 a! 
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We illustrate below the different types of rules for 5: 


| A E E AA E Eee — [kL a 1 
P q 
wi vi an wi A ' 
P X q 
E E a et VETA, $ LH es ee ees ee | 
x P T q 


u € LNéAk(u) = w => w(u = vAkv) =w) 
* 5 Nž.S 


It follows that the image by k of the connected component of 1N¢§.S con- 
taining Lu is equal to the connected component of P*.S containing k(Lu). 
Furthermore the accessible subgraph from Lu of N.S is equal to the ac- 


cessible subgraph from k(Lu) of P*.S. We also deduce that the suffix graph 
Suff (S) = Ng.5S' is isomorphic to 


k(LN§.S) = F ULNING D” = (P*S) acing); 


hence N%.S' is not isomorphic to P*.S (we need a restriction). More gener- 
ally we have 


k((LN3.S) 1m) = (P*. Skam) for any M C Ng 


and if M € Rat(Ng) then k(LM) € Rat(P*.Q). Consequently any regular 
restriction of Ng.S is isomorphic to a regular restriction of the transition 
graph of the weak pushdown automaton S. Q.E.D. (Theorem 5.9) 


Let us illustrate the construction of the proof (iii) of Theorem 5.9 applied 
to the labelled word rewriting system: 


S= {r = ax,x > e}. 
Its suffix graph Suff(S) is the following rooted graph: 
~ 


i “_"~,~~™ — or 
<—e e e e e — 
ÅA we Tea TEA 
(e) @) E (wz) b (3) b (sf) b (z5) 
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Note that L(Suf (S), x,£) is the Lukasiewicz language. By applying the 
construction (iii) of Theorem 5.9, the greatest length of S is m = 2. Its set 
of states is Q = {1,2,3,4, p,q} with the following bijection j: 


L— l; Lg — 2; Ler — 3; 


Lgerz — 4; LLL — P; LLLL — q 
and its set of pushdown letters is P = {y, z} with the bijection 2: 
£r — Y; Lr — z 


By coding the arcs of Suff (S) restricted to {e,...,2°}, we get the following 
weak pushdown automaton S: 


See: 2 ae Go a2 
3 — 4; 4 3; — zp 


Its transition graph Tr(S) accessible from 2 (or connected to 2) is the fol- 
lowing: 


a a a a a a 


b 


mena e NS a oe. es 
a) (2) b (3) b (4) b (zp) b (24) b (zyp)b (zyą4)b (zyyp) 


The use of weak pushdown automata, instead of word rewriting systems or 
of pushdown automata, allows simpler constructions. For instance, let us 
restrict Theorem 5.6 to weak pushdown automata. 


Proposition 5.10. Let S be a weak pushdown automaton. Let H be a 
finite deterministic graph labelled in Ps and coloured in Qs recognizing 
from a vertex i the configuration language: 


L= {uq | we P4 ^q E€ Qs Ni => s qs € H}. 


Thus Suff(S)jz is generated by length by a grammar with |Vz| + 1 rules. 


Proof. Let Qs = {q,---,@n} be the set of states of S. We associate to any 
vertex s of H a new label [s] of arity n and we define the grammar R with 
the axiom rule 


Z — {lia .--an} U {p > 4 | vi, gi € H}, 
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(p)¢ (p)¢ + (xp) (p)¢ + (xp) 
F — » |Y 3 | —— |: ; | —_ |} 
(a)$ (a) (a) ,—— } (xa) tays kagan a) 


FIGURE 5.4. Regular restriction of a weak pushdown graph. 


and for any vertex s of H, we take the following rule: 


[s]a1 -- -an — {ap > xq | p -> q ^ 3t(s -> t A pt,qt € H)} 


U {p —> aq | 3t(s -> t A ps, qt € H)} 


U {ap ->q | It(s -~> tA pt,qs € H)} 
U {[t](2q1) ---(@dn) | s > t} 


Thus R generates by length (P.9S)z from its axiom Z. 
Q.E.D. (Proposition 5.10) 


Taking the weak pushdown automaton of Figure 5.3 restricted to the system 


b 
S = {p = zp, p — q, £4 5 q} 


and the regular language L = (xx)* pU x*q of configuration recognized from 
vertex 7 by the following finite deterministic automaton: 


The construction of Proposition 5.10 gives the grammar shown in Figure 5.4 
which generates Suf (S)z by length. 


5.3 Main result 
Finally we put together Theorem 5.8 and Theorem 5.9, and we recall The- 
orem 4.6 and Theorem 5.6. 


Theorem 5.11. The suffix graphs of labelled word rewriting systems, the 
transition graphs of pushdown automata, and the transition graphs of weak 
pushdown automata, have up to isomorphism 


e the same connected components: the connected regular graphs of 
bounded degree, 


e the same accessible subgraphs: the rooted regular graphs of bounded 
degree, 
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e the same regular restrictions: the regular graphs of bounded degree. 


These graphs are regular by length, and also by distance when they are 
connected. 


All these equivalences are effective. Note that by Theorem 4.6 (or Propo- 
sition 4.3), the regularity by distance for the connected graphs coincides with 
the finite decomposition by distance. 


Theorem 5.12 (Muller-Schupp, [8]). The connected components of push- 
down automata are the connected graphs of bounded degree having a finite 
decomposition by distance. 


This result has been expressed with the usual pushdown automata which 
are intermediate devices between the general labelled word rewriting sys- 
tems (applied by suffix) and the weak pushdown automata. Furthermore 
the finite decomposition by distance for the connected graphs of bounded 
degree is a normal form of the regularity. 


6 Languages 


Any graph G traces the language L(G, i, f) of the labels of its paths from a 
colour į to a colour f. By Theorem 5.11, the regular graphs trace exactly 
the context-free languages, and by restriction to path grammars, we give 
directly a context-free grammar generating the path labels of any regular 
graph (cf. Propositions 6.2 and 6.3). Finally we verify that the deterministic 
regular graphs trace exactly the deterministic context-free languages (cf. 
Proposition 6.5). 


6.1 Path grammars 


The regular languages are the languages recognized by the finite automata: 
Rat(T*) := {L(G, 1, f) | G finite A Fe N Fh CT Ai, fe Fi} 


and the context-free languages, which are the languages recognized by the 
pushdown automata, are the languages recognized by the regular graphs: 


Alg(T*) := {L(G,i, f) | G regular A Fe NF, CT Ai, f € Fy}. 


This equality follows by Theorem 5.11 because by adding ¢-transitions, we 
can transform any regular graph G into a regular graph G of bounded degree 
recognizing the same language: L(G,i, f) = L(G,i, f). 

Let us give a simple construction to get directly a context-free grammar 
generating the recognized language of a regular graph. In fact and contrary 
to the previous sections, we just need transformations preserving the recog- 
nized language but not the structure. First by adding e-transitions, we can 


Deterministic graph grammars 239 


start from a unique vertex to end to a unique vertex. More precisely, let 
R be a grammar and H be a finite hypergraph such that R”(H) are only 
coloured graphs. For any colours i, f, we denote 


L(R, H,i, f) := L(Gen(R, A), i, f) 


the label set of the paths from i to f of any generated graph by R from H, 
or in particular for the canonical graph Gen(R, H) defined in 3.5. For Z 
the axiom of R, we also write 


L(R,i, f) = L(R, Z, 1, f) = L(Gen(R),i, f). 


We say that R is an initial grammar for the colours i, f when only the right 
hand side H of Z is coloured by i, f, and i, f colour a unique vertex: 


|H N iVy| == |H A fVal. 


Lemma 6.1. For any grammar R and colours i, f, we can get an ini- 
tial grammar S labelled in Fr U {£} and recognizing the same language: 
L(R,i, f) = L(S,%, f). 


Proof. Let R be any grammar generating from its axiom Z a coloured graph 
G. To any non-terminal A € Npr — {Z}, we associate a new symbol A’ of 
arity o(A) + 2. We take two new vertices p,q which are not vertices of R. 
We define the following grammar: 


S := {(Z, K' U {ip, fq}) | (Z, K) € R} 
U{(4'Xpq, K') | (AX,K)€ RAAF Z} 


where for any hypergraph K € Im(S), the graph K’ is the following: 


K' := {s ->t |a € Tr} U{A'Xpq| AX E KAA € Np} 
U{p = s|ise K}U{s + q| fs € K}. 
Assuming that p,q ¢ Va, S generates from its axiom Z the following graph: 
H := (G — Fı Va) U {ip, fq} U {p = s | is € G} U {s & q | fs € G} 
satisfying L(G, i, f) = L(H,i, f) i.e. L(R,i, f) = L(S,i, f). Note that for 
G having an infinite number of initial (resp. final) vertices, the vertex p 


(resp. q) in H is of infinite out-degree (resp. in-degree). By adding new 
€-arcs, we can avoid these infinite degrees. Q.E.D. (Lemma 6.1) 
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a) a) —— a) ES aaae a 
bh og {4 

A e> B ; B m — 
d A 


FIGURE 6.2. An acyclic path grammar. 


In Figure 6.1 we illustrate the construction of Lemma 6.1. To preserve 
the recognized language of a regular graph (and not the structure), we can 
restrict to grammars having only arcs (of arity 2). A path grammar R is a 
deterministic graph grammar without axiom and whose each rule is of the 
form A12 —> H where H is a finite set of arcs having no arc of source 2 and 
no arc of goal 1. In Figure 6.2, we give a path grammar which is acyclic: 
each right hand side is an acyclic graph. For any path grammar R, any 
A € Npr and any derivation 


R R 


we define the following languages, where n > 0: 


Ln(R, A) := L(Hn, 1,2) C(NRUTR)* YWn>0 
L(R, A) := LU (Em(R, A) 9 TR) ETA. 
m>0 


Proposition 6.2 (Caucal-Hieu, [6]). For any grammar R and colours i, f, 
we can get a path grammar S recognizing from a non-terminal A the lan- 
guage L(S, A) = L(R,i, f). 


Proof. (i) We assume that each rule of R is of the form: Al... (A) — Ha 
for any A € Npr. Let Z be the axiom of R. By Lemma 6.1, we suppose 
that R is initial: į (resp. f) colours only Hz (not the other right hand sides 
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of R) and on a unique vertex P (resp. q # p). We assume that 0 is not a 
vertex of R and we take a new set of labels of arity 2: 


{Aij | AE NrA1l <i,j < of APU {LZ}. 
We define the splitting ~G> of any (Tr U Nr)-hypergraph G as being the 
graph: 


a 


<G> := {s t|asteGAae Tr} 


Aij ras 
U{s—$3t| AE NrA1<1,j < o(A)A 
As1,...,89(a)(Asi...8g(4) EGAS = si At = 8;)} 


and for p,q E€ Va and P C Vg with 0 ¢ Va, we define for p 4 q 
Gp,q,P = {s a t | t xp S # q^ s,t ¢ ey en eee 
G i= “.t|\t#pAs,t¢eP 
Dsp,P Ges |t#ApAs,t ¢ P} 


a a 
D 9 0a Pl gip ea 


This allows us to define the splitting of R as the following path grammar: 


<R> := {Aj,j12 — hij ((Ha)ij leca- | 4 € NRA1 < i,j < o(A)} 
U {7'12 — (KHz) temsa 

where h; j is the vertex renaming of (HA )i j le(4)]-{i, j} defined by 
hi j(i) 


=J hig (J) = 2, hi j(x) = x otherwise, fori £ j 
= 1, hi (0) = 2, hiilx) =r otherwise, 


and h is the vertex renaming of Hz defined by 
h(p) = 1, h(q) = 2, h(x) = x otherwise. 
We then put <~R> into a reduced form. 


(ii) Let us show that L(R,i, f) = L(<R>, Z'). For any A € Np, we take a 
derivation 


Al...o(A)= H, H heal woe 
RAs Oger ge 


we write Ho = U,,so|Hn] and for every 1 < i,j < o(A) and 0 < n < w, we 
define the following languages: 

Ln(R, A,t,5) = L((Hn)i j loca- tijp ts i) for i # j 

In(R, A, i, i) = L((Hn)ii tea- {a} 4 0)- 
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Note that for any A € Np, any i,j € [o(A)] and n > 0, we have 


La(R, A, i,j) © (TrU {Ap | A E€ NRA p,q E [0(A)]})" 
and Lo(R, A, i,j) C Tp. 


Let us verify that for any A € Ne and 1 < i,j < o(A), we have 
L.(R, A, i, j) = L(<Rr, Ai,;). 


As Lu(R, A,i,j) = Unso(Ln(B, A, i, j) O TÄ), it is sufficient to prove by 
induction on n > 0 that 


L,(R, A, i,j) = In(<~R>, Ai j). 
“n = 0”: we have Lo(R, A, i,j) = {4i ;} = Lo(KR>, Ai, j). 
“n = 1”: we have 
Li(R, A, i,j) = L((HA)ijloa)]-tijp i j) = La(<R>, Aij). 
“n => n + Is 


Ln+1(R, A, i,j) T Iy(R, A, i, 9)[Ln(R, B,p, q)/Bo,q\ 
= 1,(KR>, Aj,;)[Ln(<R>, Bpq)/Bp,q] by ind. hyp. 
= In4i(<R>, Ai j). 


Finally we have 


L(R,i, f) = L(Gen(R),i, f) 
= L(<xHz>,P,7)|Lu(R, A, i, j)/Ai] 
= Lı(xR>, Z')[L(KR>, Aj,;)/Ai,5] 
= L(<xR>, Z’). 


Q.E.D. (Proposition 6.2) 


Let us illustrate Proposition 6.2 starting from the following grammar R: 


i 


+ (1)+ a) +>. 
b, 
Z — ) A š ona —— al J A 
` (3)* oe 
f g 


Its generated graph R” (Z) is given below. 
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Proposition 6.2 splits grammar R into the following grammar <R> in re- 
duced form: 


(1) aD (1). G ——>- (1). G% 
D a Has ; jaz — '| [az ; A23 —— d 
A2,3 
(2) “at (2% 2y—— + (2% (2) 
UO 43,3 y 

a» ay —— a» a» 

Aig 
A13 —— * JA1,3 3 A3,3 ——> 9 

Aa, 3h 
(2% C ETE (2% (2) 

O 43,3 


We get the following generated graph <~R>“(Z’12): 


(ete, 285 Se oe, 


"WN 4 Y ‘4 Y A 


P S S gg 
wo OE Balk ide clea 
CC a Ps ee 
g e 
A N aa 
. — o = o 


Obviously the graphs R“(Z) and ~R>“(Z'12) are not isomorphic but by 
Proposition 6.2 they recognize the same language: 


LR’ (Z), i, f) = DAR) = {a t" bc" deg)” | m,n > 0}. 


We now show that path grammars are language-equivalent to context- 
free grammars (on words). Recall that a context-free grammar P is a finite 
binary relation on words in which each left hand side is a letter called a 
non-terminal, and the remaining letters of P are terminals. By denoting 
Np and Tp the respective sets of non-terminals and terminals of P, the 
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rewriting FA according to P is the binary relation on (Np U Tp)* defined 


by 
UAV — UWV if (A,W) € P and U,V € (Np U Tp)*. 


The derivation —>* is the reflexive and transitive closure of —> with 
P P 


respect to composition. The language L(P,U) generated by P from any 
U € (Np UTp)* is the set of terminal words deriving from U: 


L(P,U) := {ue Tp | U u}. 


Path grammars and context-free grammars are language-equivalent with 
linear time translations. 


Proposition 6.3 (Caucal-Dinh, [6]). 


a) We can transform in linear time any path grammar R into a context-free 
grammar R such that L(R, A) = L(R, A) for any A € Np. 


b) We can transform in linear time any context-free grammar P into an 
acyclic path grammar P such that L(P, A) = L(P, A) for any A € Np. 


Proof. (i) The first transformation is analogous to the translation of any 
finite automaton into an equivalent right linear grammar. To each non- 
terminal A € Nr, we take a vertex renaming hy of R(A12) such that 
ha(1) = A and ha(2) = £, and the image Im(h,) — {e} is a set of symbols 
with Im(h4)MIm(hg) = {e} for any B E€ Np—{A}. We define the following 
context-free grammar: 


R:= {(ha(s),aha(t)) | IA € Ng(s ate t)}. 


Note that each right side of R is a word of length at most 2, and the number 
of non-terminals of R depends on the description length of R: 


[Nal = ( 5 |Vraag) = |Npr]. 
AENR 


For instance, the path grammar of Figure 6.2 is transformed into the fol- 
lowing context-free grammar: 


A=aC; C= BD; D=c 
B=aF +E; E = aG + d; F = AG 
G = AH; H=c 
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(ii) For the second transformation, we have Ng = Np and for each A € Np, 


its right hand side in P is the set of distinct paths from 1 to 2 labelled by 
the right hand sides of A in P. We translate the context-free grammar P 
into the following acyclic path grammar: 


P := {(A12, H4) | A € Dom(P)} 
such that for each non-terminal A € Dom(P), the graph H4 is the set of 
right hand sides of A in P starting from 1 and ending to 2: 
Ha := {1 5 (B,V) | (A, BV) € PA|B) =1AV £e} 
U {(U, BV) 2+ (UB,V) | (A,UBV) € PA|B| =1AU,V £e} 
U{(U, B) 2+ 2|(A,UB) € PA|B) =1AU £e} 
U{1 > 2| (A,B) € PA|B| =1} 
U {1 = 2 | (A,e) € P}. 


Note that Np = Np and Tp = Tg — {e}. For instance the context-free 
grammar {(A, aAA), (A,b)} generating from A the Lukasiewicz language, is 
translated into the acyclic path grammar reduced to the unique rule: 


A12 — {1 & 2,1 -> (a, AA), (a, AA) — (aA, A), (aA, A) > 2} 


and represented below: 


Q.E.D. (Proposition 6.3) 


Note that by using the two transformations of Proposition 6.3, we can 
transform in linear time any path grammar into a language equivalent 
acyclic path grammar. By Proposition 6.2 and Proposition 6.3 a), the recog- 
nized languages of regular graphs are generated by context-free grammars. 
The converse is true by Proposition 6.3 b). 


Corollary 6.4. The regular graphs recognize exactly the context-free lan- 
guages. 
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6.2 Deterministic languages 


We now focus on the deterministic regular graphs. We say that a coloured 
graph G is deterministic from a colour i if i colours a unique vertex of G, 
and two arcs with the same source have distinct labels: 


IG NiVe| = 1 and (p-> a Ap > r = g=7). 
The languages recognized by the deterministic regular graphs 


DAlg(T*) := {L(G, i, f) | G regular and deterministic from i 
AFN Pa CTi, fE F} 


are the languages recognized by the deterministic pushdown automata. 


Proposition 6.5. The deterministic regular graphs recognize exactly the 
deterministic context-free languages. 


Proof. Recall that a deterministic pushdown automaton S over an alphabet 
T of terminals is a finite subset of PQ x (T U {e}) x P*Q where P,Q are 
disjoint alphabets of respectively stack letters and states, and such that S 
is deterministic for any a € T U {e}: 


(zp = uq A zp = vr) => uq = vr 


and each left-hand side of an e-rule is not the left-hand side of a terminal 
rule: 
(zp 5 uq ^ zp = vr) > a=e. 


The language L(Tr(S), xp, F) recognized by S starting from an initial con- 
figuration xp and ending to a regular set F C P*Q of final configurations, 
is a deterministic context-free language. 


(i) Let us verify that L(Tr(S), xp, F) is traced by a deterministic regular 
graph. We take two colours i and f. By Proposition 5.4 or more precisely 
by Corollary 5.5, the following coloured graph: 


G := Tr(S) U {i(ap)} U {ful ue F} 


is a regular graph. Let R be a grammar generating G. We define the 
following grammar: 


Rl := {(X", H’) | (X, H) € R} 
where for any hyperarc fsı ...Sn of R, we associate the hyperarc 


(fs1.-.8n) = f[si].-- [Sn] 
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that we extend by union to any right hand side H of R: 
H' := {Y'| Y € H} 
and such that for any vertex s € Vy, 


Bade le ee es Eh 
i] = {t]t svs -5 t} 


Thus R’ is without ¢-arc and 


L(R’,i, f) = L(R,i, f) = L(G,i, f) = L(Tr(S), xp, F). 


(ii) Let i, f be colours and R be a grammar such that Gen(R) is determin- 
istic from i. We want to show that L(R,i, f) is a deterministic context-free 
language. By Proposition 4.4 (and 4.1), we assume that Gen(R) is accessi- 
ble from i. By Lemma 3.11, we can assume that R is terminal outside. For 
any rule (X, H) € R, we define 


Out(X(1)) = {i | 1 < i < of XM) AIX >} 


the ranks of the input vertices which are source of an arc in the generated 
graph from X. Precisely (Out(A)) is the least fixed point of the 
system: for each (X, H) € R, 


AENR 


Out(X(1)) = {i | (X (Ù ae 


U{i| 3Y € HN NpRVÄ Ij € Out(Y (1) (X (i) = Y(j))}- 


We rewrite non-terminal hyperarcs in the right hand sides of R until all the 
terminal arcs of input source are produced. We begin with the grammar: 


Ro = R 


and having constructed a grammar Rp for n > 0, we choose a rule (X, H) € 
Rn and a non-terminal hyperarc Y € H N NRV such that 


Vx N {Y (i) | i € Out(Y(1))} 4 Ø 


and we rewrite Y in H to get a hypergraph K i.e. H zE K in order to 
replace H by K in Rp: l 


Rnzi t= (Rn — {(X, H) U {(X, K)} 
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If such a choice is not possible, we finish with R := Rp. As Gen(R) is 
deterministic, it is of bounded out-degree, hence R exists. By construction, 
R is equivalent to R: 


R*(X) =R (X) for any X € Dom(R) = Dom(R). 
Furthermore R satisfies the following property: 
V(X, H) € R YY € HO NgVå (Vx N {Y (i) | i € Out(Y(1))} = 9) 


meaning that any input which is a vertex of a non-terminal hyperarc Y 
cannot be a source of an arc in the generated graph from Y. For each rule 
(X, H) € R, we denote 


MOut(X(1)) = |(J{Vx N Wy | Y € HAY(1) € Ng} 


the set of input-output vertices; and for each s € InOut(X(1)), we take a 
new vertex s’ ¢ Vy and to any non-terminal hyperarc Y € H with Y (1) € 
Nç, we associate the hyperarc Y’ = Y (1)Y (2V ...Y (|Y |) with s’ := s for 
any s € Vg — InOut(X(1)). We define the grammar R’ by associating to 
each rule (X, H) € R, the following rule: 


X — [H]U{Y’ |Y € HAY(1) € Ng} U {s = s | s € MOut(X(1))}. 


Thus L(R,i, f) = L(R',i, f) and the graph Gen(R’) is of finite degree, 
deterministic over Tr U {e} and such that any source of an e-arc is not 
source of an arc labelled in Tr. By Theorem 5.11, Gen(R’) is the transition 
graph of a pushdown automaton S accessible from an initial configuration 
co with a regular set F of final configurations: 


Gen(R’) = Tr(S)teco—*c} U {ico} U {fe | c € F}. 
Finally S is a deterministic pushdown automaton recognizing the language: 
L(Tr(S),i, F) = L(R’,i, f) = L(R,i, f). 
Q.E.D. (Proposition 6.5) 


Due to a lack of space (and time), we have only presented a first (and 
partial) survey on deterministic graph grammars. After defining suitable 
normal forms, we explored the notion of regularity of a graph with respect 
to a finite-index graduation of its vertices. 

Together with a generic representation of grammar-generated graphs, 
this yields a canonical representation of any given regular graph. These 
definitions and techniques constitute a basic toolkit for conveniently ma- 
nipulating deterministic graph grammars. As an illustration, we were able 
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to prove in a self-contained way several known structural results concerning 
regular graphs, the most important being their links with the transition 
graphs of pushdown automata. 

This is only a first step in studying deterministic graph grammars, and 
many interesting developments remain to be explored. We hope that this 
paper might encourage further work on the subject. In particular, we believe 
that grammars will prove an invaluable tool in extending finite graph theory 
to the class of regular graphs, as well as finite automata theory to some 
sub-families of context-free languages. Some efforts in these directions have 
already begun to appear [5, 6]. Other leads for further research concern the 
use of grammars as a tool for more general computations (a particular case 
is Proposition 4.4), and the design of geometrical proofs for results related 
to context-free languages (e.g. the standard pumping lemma). 

Let us conclude with a natural question: how can one extend determinis- 
tic graph grammars in order to generate the structure of infinite automata 
[10], in particular those associated to pushdown automata using stack of 
stacks [11, 3]? 
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Abstract 


We show that an operation on graphs, and more generally, on re- 
lational structures that has an inverse definable by a monadic second- 
order transduction preserves the family of recognizable sets. 


1 Introduction 


Several algebras of graphs, and more generally of relational structures, can 
be defined in terms of disjoint union as unique binary operation and of 
several unary operations defined by quantifier-free formulas. These algebras 
are the basis of the extension to graphs and hypergraphs of the theory of 
formal languages in a universal algebra setting. 

In every algebra, one can define two families of subsets, the family of 
equational sets which generalizes the family of context-free languages, and 
the family of recognizable sets which generalizes the family of recognizable 
languages. Equational sets are defined as least solutions of systems of re- 
cursive set equations and not in terms of rewriting rules. Recognizable 
sets are defined in terms of finite congruences and not in terms of finite 
automata. These purely algebraic definitions which are due to Mezei and 
Wright [8] have the advantage of being applicable to every algebra, whereas 
rewriting systems and finite automata cannot. One obtains definitions of 
” context-free” sets of graphs which avoid the cumbersome analysis of the 
confluence of particular graph rewriting systems. The basic definitions and 
facts regarding these notions can be found in [2, 5, 6, 7]. 


* There has been a long cooperation between the Logic and Computer Science groups in 
RWTH and in LaBRI, which started in 1984 with the visit of W. Thomas in Bordeaux 
as invited speaker to the Colloquium on Trees (CAAP). This note extends my article 
with A. Blumensath, which is a recent outcome of this cooperation, and hopefully, not 
the last one. I thank A. Blumensath for helpful comments. 


Jörg Flum, Erich Gradel, Thomas Wilke (eds.). Logic and Automata: History and Perspec- 
tives. Texts in Logic and Games 2, Amsterdam University Press 2007, pp. 251—260. 
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Certain closure properties of the families of equational and recognizable 
sets are valid at the most general level. In particular, the family of equa- 
tional sets of an algebra M is closed under union, intersection with the 
recognizable sets and under the operations of this algebra. For an example, 
the concatenation of two equational (i.e., context-free) languages is equa- 
tional. The family of recognizable sets of an algebra M is closed under 
union, intersection and difference, and under the inverses of unary derived 
operations (the operations defined by finite terms over the signature of M). 
The family of recognizable languages (alternatively called rational or reg- 
ular) is also closed under concatenation, but this is not a special case of 
a general algebraic property, by contrast with the case of equational lan- 
guages. In a general algebra, the family of recognizable sets is not always 
closed under the operations of the algebra. That these closure properties 
are true depends on particular properties of the considered algebra. 


Which properties of an algebra ensure that the family of recognizable 
sets is closed under the operations of the algebra? 


Two types of answers can be given: algebraic and logical answers. Al- 
gebraic answers have been given in [4], an article motivated by the study 
of the so-called Hyperedge Replacement (HR) algebra of graphs and hyper- 
graphs, that is connected in a natural way to the notion of tree-width [6]. 
The results of the article [4] can be applied to the case of languages in a 
quite simple way: the property of words that uv = wz if and only if there 
exists a word z such that u = wz and zv = a, or uz = w and v = zz implies 
that the concatenation of two recognizable languages is recognizable, by a 
proof that uses only finite congruences and no construction of automata. 

Another important case is that of an associative and commutative op- 
eration, a useful example being the disjoint union of graphs and relational 
structures denoted by ©. The corresponding (commutative) concatenation 
of subsets preserves recognizability because the equality u $ v = w @ = is 
equivalent to the existence of y1, y2, Y3, Y4 such that u = yı Dyz, v = ys D ya, 
w = yı ®© y3 and x = y2 © y4. 

The article [4] establishes that the family of HR-recognizable sets of 
graphs is closed under the operations of the HR-algebra. One might think 
that these results would extend without difficulties to the somewhat sim- 
ilar Vertex Replacement (VR) algebra of graphs (which we define below). 
However this is not the case as we shall see in the next section. 


In the present article, we do not answer the above question in full gener- 
ality, but we give a sufficient condition for algebras of finite relational struc- 
tures (hence also of finite graphs) whose operations are disjoint union and 
unary operations defined by quantifier-free formulas, that we call quantifier- 
free definable operations. We are particularly interested by these algebras 
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because every monadic second-order definable set of finite relational struc- 
tures is recognizable (see Theorem 5.1 below). Our main result (Theorem 
5.4) is a direct consequence of a result of [2]. It relates the preservation 
of recognizability in the algebra of relational structures under a unary op- 
eration to the existence an inverse for this operation that is a monadic 
second-order transduction. The present article continues the exploration 
done in particular in [1, 2, 3, 6, 7] of the deep links between algebraic and 
logical properties, more precisely here, between recognizability and monadic 
second-order logic. 


2 The VR-algebra of simple graphs. 


Graphs are finite, simple (without multiple edges), directed, and loop-free. 
Let C be a countable set of labels containing the set of nonnegative integers. 
A C-graph is a graph G given with a total mapping labg from its vertex set 
Va to C. Hence G is defined as a triple (Ve, edgg, laba} where edgg is the 
binary edge relation. We call labg(v) the label of a vertex v. We denote 
by 2(G) the finite set labg(Va) C C, and we call it the type of G. The 
operations on C-graphs are the following ones: 


1. We define a constant 1 to denote an isolated vertex labelled by 1. 
2. For i,j € C with i Æ j, we define a unary function add;,; such that 
addj,;((Vc, edgg, labg)) = (Va, edgg, lab) 


where edg& is edgg augmented with the set of pairs (u,v) such that 
labg(u) = i and labg(v) = j. In order to add undirected edges 
(considered as pairs of opposite directed edges), we take 


add;,j (add; :( (Va, edgg, labg))). 


3. We let also ren;_,; be the unary function such that 
renj;((Va, edgg, labg)) = (Va, edgg, labg) 


where labo(v) = j if labe(v) = i, and labG(v) = labg (v), otherwise. 
This mapping relabels into 7 every vertex label i. 


4. Finally, we use the binary operation @ that makes the union of disjoint 
copies of its arguments. Hence the graph G @ H is well-defined up to 
isomorphism. 


We denote by FY® the countable set of all these operations, including 
the constant 1. The VR-algebra has for domain the set G of all isomorphism 
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classes of C-graphs and the operations of FY®. A well-formed term t written 
with the symbols of FYÈ defines a C-graph G = val(t), actually a graph up 
to isomorphism. However, val(t) can be defined as a “concrete” graph with 
vertex set Occ (t) the set of occurrences in t of the constant 1. 

A set of C-graphs L is VR-recognizable if there exists an FY®-congruence 
=~ on G such that 


1. G~ H implies 1(G) = 7(H) 


2. for each finite subset D of C, the congruence ~ has finitely many 
equivalence classes of graphs of type D, 


3. L is the union of a finite set of equivalence classes of ~. 


We shall prove below that the disjoint union and the renaming opera- 
tions ren;_,; preserve VR-recognizability. (A more complicated proof can 
be based on the algebraic lemmas of [4].) However : 


Proposition 2.1. The operation adda,» does not preserve recognizability. 
The operation that deletes all edges does not either. 


Proof. Here is a counter-example. One takes the set L of finite directed 
graphs G of type {a,b} consisting of pairwise nonadjacent edges linking 
one vertex labelled by a to one vertex labelled by b. Hence, we have as 
many a-labelled vertices as b-labelled ones. This set is definable in monadic 
second-order logic (and even in first-order logic) hence is VR-recognizable by 
a general theorem (see [3, 6], Theorem 5.1 below). The set K = adda (L) 
consists of complete bipartite graphs Kn,n. And this set is not recognizable, 
because otherwise, so would be the set of terms of the form add,,p([a® (a 
(...a))..)]® [b@(...(b@b)..)]) having n occurrences of a defined as reny_._(1) 
and n occurrences of b defined as reny_,,(1) with n > 0. By a standard 
pumping argument this set is not recognizable. The proof is similar for the 
operation that deletes all edges. One uses the terms [a @ (a @ (...a))..)] ® 
[b @ (...(b @ b)..)]. Q.E.D. 


We now describe the logical setting that will help to investigate rec- 
ognizability. We formulate it not only for graphs but for finite relational 
structures. 


3 Relational structures and monadic second-order 
logic 

Let R= {A, B,C, ...} be a finite set of relation symbols each of them given 

with a nonnegative integer 0(A) called its arity. We denote by STR(R) the 

set of finite R-structures S = (Dg,(Ags)aer) where Ag C pe) if AER 
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is a relation symbol, and Dg is the domain of S. If R consists of relation 
symbols of arity one or two we say that the structures in STR(R) are 
binary. Binary structures can be seen as vertex- and edge-labelled graphs. 
If we have several binary relations say A, B,C, the corresponding graphs 
have edges with labels A, B,C. 

Monadic Second-order logic (MS logic for short) is the extension of First- 
Order logic with variables denoting subsets of the domains of the considered 
structures and atomic formulas of the form x € X expressing the member- 
ship of x in a set X. We shall denote by MS(R,W) the set of Monadic 
second-order formulas written with the set R of relation symbols and hav- 
ing their free variables in a set W consisting of first-order and set variables. 

As a typical and useful example, we give an MS formula with free vari- 
ables x and y expressing that (x,y) belongs to the reflexive and transitive 
closure of a binary relation A : 


VX(a € X AVu,v[(u € X A A(u,v)) = v E€ X] = ye X). 


If the relation A is not given in the considered structures but is defined by 
an MS formula, then one replaces A(u, v) by this formula with appropriate 
substitutions of variables. 

A subset of STR(R) is MS-definable if it is the set of finite models 
of a monadic second-order sentence, i.e., of an MS formula without free 
variables. Such a set is closed under isomorphism. 


4 Monadic second-order transductions 


Monadic second-order formulas can be used to define transformations of 
graphs and relational structures. As in language theory, a binary relation 
R C AxB where A and B are sets of words, graphs or relational structures 
is called a transduction: A — B. An MS transduction is a transduction 
specified by MS formulas. It transforms a structure S, given with an n- 
tuple of subsets of its domain called the parameters, into a structure T, 
the domain of which is a subset of Ds x [k], (where [k] = {1,...,&}). It is 
noncopying if k = 1. The general definition can be found in [1, 2, 6]. We 
only define noncopying MS transductions which are needed in this article. 
We let R and Q be two finite sets of relation symbols. Let W be a finite 
set of set variables, called parameters. A (Q, R)-definition scheme is a tuple 
of formulas of the form A = (y,v,(64)Acq) where y € MS(R,W),y € 
MS(R, W U {21}), and 04 E€ MS(R, W U {21,-++ ,%o(4)}), for A E€ Q. 
These formulas are intended to define a structure T in STR(Q) from a 
structure S in STR(R). Let S € STR(R), let y be a W-assignment in S. 


256 B. Courcelle 


A Q-structure T with domain Dr C Dg is defined in (S, y) by A if 
1. (9,7) FY 
2. Dr = {d | dé Ds, (S,7, 4) [> Y} 


3. for each A in Q : Ar = {(d1;, dt) € DÉ | (S, y, di,--- , dt) H Oa}, 
where t = o( A). 


Since T is associated in a unique way with S,y and A whenever it 
is defined, i.e., whenever (S,7) = p, we can use the functional notation 
defa (S, y) for T. The transduction defined by A is the binary relation : 


defa := {(S,T) | T = defa (S, y) for some W-assignment y in S}. 


A transduction f C STR(R)xSTR(Q) is a noncopying MS transduc- 
tion if it is equal to defa (up to isomorphism) for some (Q, R)-definition 
scheme A. We shall also write functionally defa (S) := {defa(S,y) | y 
is a W-assignment in S}. A definition scheme without parameters de- 
fines a parameterless MS transduction, which is actually a partial function: 
STR(R) — STR(Q). 

A quantifier-free definable operation (a QF operation in short) is a pa- 
rameterless noncopying MS-transduction ô: STR(R) — STR(Q) defined 
by a scheme A = (p, %, (64) Acq) such that the formula y is equivalent to 
True, and the formulas 64 are without quantifiers (whence also without 
set variables). This implies that ô is total. Furthermore, we say that such 
an operation is nondeleting if the formula w is equivalent to True. This 
condition implies that the domains of S and of 6(S) are the same. 

A labelled graph (Vg, edgg, labg) of type contained in D will be rep- 
resented by the relational structure |G] = (Vo,edge, Pac, ---,PaG) where 
D = {a,...,d} and pzg(u) is true if and only if labg(u) = x. Through this 
representation, the unary operations adda, and rena—» are quantifier-free. 
This means that for some QF operation a, we have a(|G]|) = |adda»(G)| 
for all graphs G of type contained in D, and similarly for reng_.p. 

The composition of two transductions is defined as their composition as 
binary relations. If they are both partial functions, then one obtains the 
composition of these functions. The inverse image of a set L C STR(Q) 
under a transduction 6: STR(R) — STR(Q) is the set of elements S' of 
STR(R) such that 6(S)NL is not empty. It is denoted by 6~!(L). (Equality 
of structures is understood up to isomorphism, hence 6~+(L) is closed under 
isomorphisms. ) 


Proposition 4.1 (Courcelle, [6]). 


1. The composition of two MS transductions is an MS transduction. 


2. The inverse image of an MS-definable set of structures under an MS 
transduction is MS-definable. 
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5 The many-sorted algebra of relational structures 


We now make the family of sets STR(R) for all relational signatures R 
into a many-sorted algebra STR, where each R is a sort and STR(R) 
is the corresponding domain. Here are the operations. First we define a 
disjoint union ® : STR(R)x STR(Q) — STR(RUQ) for each pair of 
sorts (R,Q) (using the same notation for all of these operations). Then 
we also let in the signature all QF operations : STR(R) —> STR(Q) 
for all pairs of sorts (R,Q). For each pair (R,@Q) there are actually only 
finitely many such operations (see [7, Appendix A]). We take the constant * 
denoting the structure in ST R(2@) with a single element. We could actually 
take other constants, this would not affect the results stated below because 
recognizability does not depend on the set of constants. We let FSF be this 
signature. The notation refers to the role of QF operations. 

A subset of STR(R) is QF-recognizable if it is a (finite) union of classes 
of an F@¥-congruence on STR (equivalent elements must have the same 
sort) that has finitely many classes in each domain STR(R). 

The labelled graphs having a type included in a finite set D are repre- 
sented by relational structures |G] = (Vo,edge,pac,--,PaG) in 
STR({edg} U {pa,---;Pa}) where D = {a,...,d}. A set of labelled graphs is 
VR-recognizable if and only if it is QF-recognizable, and it is VR-equational 
if and only if it is QF-equational [2, Theorem 68]. 


Theorem 5.1 (Courcelle, [3, 6]). If a subset of STR(R) is MS-definable, 
then it is QF-recognizable. 


Theorem 5.2 (Blumensath-Courcelle, [2, Theorem 51]). The inverse image 
of a QF-recognizable set of relational structures under an MS transduction 
is QF-recognizable. 


The following definition is new. 


Definition 5.3. Let 0 be a mapping that associates with every structure S$ 
in STR(R) a structure T in STR(Q) with same domain. It is MS-invertible 
if there exists a noncopying and nondeleting MS transduction € with set of 
parameters W such that, for all structures S$ and T: 


1. if 0(S) = T, then there exists a W-assignment y such that €(T, y) = S, 
2. for every W-assignment y such that €(T, 7) is defined, we have 
OET, y)) =T. 


As an example, we can observe that the operation rena—»» is MS- 
invertible. Let H = reng—.»(G) be obtained from G by replacing each 
vertex label a by b. This means that the sets X and Y of vertices labelled 
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by a and by b are made into a unique set X UY, the set of vertices of H 
labelled by b. To recover G from H, it is enough to use a set parameter Z 
that guesses, among the vertices labelled by b those which were originally 
labelled by a. Clearly, for each set Z of vertices labelled by b, one obtains 
a graph G such that H = reng—.(G), and every such G is of this form. 

On the contrary, the operation adda,» is not MS-invertible: the inverse 
MS-transduction would need to guess a set of edges to be deleted. This is 
not possible without using edge set quantifications, which is not what we 
are doing here (but can be done in relation with the HR-algebra, see [1, 6]). 
However, the restriction of adda,» to the set of graphs that have no edge 
from an a-labelled vertex to a b-labelled one is MS-invertible, and its inverse 
MS-transduction is parameterless. 


Theorem 5.4. Every MS-invertible mapping preserves QF-recognizability. 


Proof. Let 0 be an MS-invertible mapping : STR(R) — STR(Q) with 
inverse MS transduction €, using a set of parameters W. Let L C STR(R) 
be recognizable. We claim that 6(L) = €~1(L), which will yield the result 
by Theorem 5.2. 

If T = 0(S),S € L there exists a W-assignment y such that €(T,y) = S, 
hence T belongs to €~'(L). Conversely, if T € €~1(L), then €(T, y) € L for 
some W-assignment y hence 0(£(T, y)) = T and T € 0(L). Q.E.D. 


The proof of [2, Theorem 51] uses the fact that the QF operation that 
deletes a unary relation preserves recognizability [2, Proposition 58]. Such 
an operation is clearly MS-invertible. The proof of [2, Proposition 58] is done 
with the algebraic techniques of [4]. (Since recognizability is an algebraic 
notion, algebraic constructions must be used somewhere.) 

Note that the same proof yields that MS-invertible QF operations pre- 
serve MS-definability, whereas a QF operation like adda,» does not. 


Question 5.5. Which QF operations are MS-invertible? 


It does not seem easy to give necessary and sufficient conditions. We 
have already given examples and counter-examples (with help of Proposition 
2.1). The operation that relabels a binary symbol, say A into B, does not 
preserve recognizability. The proof is as in Proposition 2.1. The following 
is a related question. 


Question 5.6. Does there exist a QF operation that is not MS-invertible 
but preserves QF-recognizability? 


We now consider in a similar way the disjoint union @ : STR(R) x 
STR(Q) — STR(RUQ). Let mark be a unary relation not in RU Q. 
Let us define the marked disjoint union mark : STR(R) x STR(Q) — 
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STR(RUQU{mark}), such that SPmarkT = SOT augmented with mark(u) 
for every u in the domain of T. It clear that there are two parameterless 
QF operations é; and £> such that for every structure Z 


1. &(Z) and &9(Z) are defined if and only if Z = S mark T for some S$ 
in STR(R) and some T in STR(Q), 


2. and if this is the case S and T as in 1. are unique and 
Z= &(Z) Pmark &2(Z). 


Theorem 5.7. Disjoint union preserves QF-recognizability. 


Proof. Let L C STR(R) and K C STR(Q) be recognizable. Let M = 
L Omark K. We claim that M = €7'(L)N €1(K). 

If Z = S mark T E M, S E L, T € K, then &(Z) = S and &(Z) =T, 
hence Z € & (S) and Z € & (T), Z € & (L) N ¿£z (K). Conversely, 
if Z € & (L) N €1(K) then &(Z) = S € L and &(Z) =T € K and 
Z = S Omark T E L Omark K = M. This proves the claim, and by Theorem 
5.2, €;'(L) and ¿£3 '(K) are recognizable and so is their intersection M. 

The image of M under the QF operation that deletes mark is recogniz- 
able by [2, Proposition 58], and this image is L ® K. Q.E.D. 


A similar proof shows that disjoint union preserves MS-definability. 


The family of recognizable sets of relational structures is thus preserved 
under disjoint union and MS-invertible QF operations. These operations 
form a subsignature FY? of FSF, From general facts discussed in depth 
in [2], it follows that the F™@¥-equational sets form a subfamily of the 
QF-equational ones, and that the QF-recognizable sets form a subfamily of 
the F™Y-9F recognizable ones. If those two inclusions are equalities, then 
we say that the signatures FY 2 and FSF are equivalent. 


Question 5.8. Is the signature F™~ 2" equivalent to FQF? 


Let us first go back to the case of the VR-algebra. The signature FY® 


is equivalent to the restriction to graphs of the signature F&F ([3] and [7, 
Theorem 4.5]). Furthermore, one can eliminate from FY® the operations 
adda,» and replace them by derived operations of the form G8, H = A(G S 
H) where A is a composition of adda,» operations and of relabellings that 
only create edges between G and H (and not inside G or H). One obtains 
an algebra of graphs with the same recognizable sets [7, Proposition 4.9] 
and the same equational sets. For each operation ®) a pair of inverse MS- 
transductions like é; and £2 for © can be defined so that the operations 
Q, preserve recognizability. In this way we can handle the problem of the 
non-MS-invertibility of adda». 
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Could we do the same for FSF? There is another difficulty with the QF 
operations that delete relations of arity more than one, and those which 
rename them, because, as observed above, they are not MS-invertible. A 
subsignature of FSF equivalent to it is defined in [2] but it uses these non- 
MS-invertible operations. We leave open Question 5.8. 

As final comment, we observe that the result of [4] stating that the 
family of HR-recognizable sets of graphs and hypergraphs is closed under the 
operations of the HR-algebra can be proved by the tools used for Theorems 
5.4 and 5.7. 
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Abstract 


We give an essentially self-contained presentation of some princi- 
pal results for first-order definable languages over finite and infinite 
words. We introduce the notion of a counter-free Biichi automaton; 
and we relate counter-freeness to aperiodicity and to the notion of 
very weak alternation. We also show that aperiodicity of a regular 
co-language can be decided in polynomial space, if the language is 
specified by some Biichi automaton. 


1 Introduction 


The study of regular languages is one of the most important areas in formal 
language theory. It relates logic, combinatorics, and algebra to automata 
theory; and it is widely applied in all branches of computer sciences. More- 
over it is the core for generalizations, e.g., to tree automata [26] or to par- 
tially ordered structures such as Mazurkiewicz traces [6]. 

In the present contribution we treat first-order languages over finite and 
infinite words. First-order definability leads to a subclass of regular lan- 
guages and again: it relates logic, combinatorics, and algebra to automata 
theory; and it is also widely applied in all branches of computer sciences. 
Let us mention that first-order definability for Mazurkiewicz traces leads 
essentially to the same picture as for words (see, e.g., [5]), but nice charac- 
tizations for first-order definable sets of trees are still missing. 

The investigation on first-order languages has been of continuous interest 
over the past decades and many important results are related to the efforts 
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of Wolfgang Thomas [31, 32, 33, 34, 35]. We also refer to his influential 
contributions in the handbooks of Theoretical Computer Science [36] and 
of Formal Languages [37]. 

We do not compete with these surveys. Our plan is more modest. We 
try to give a self-contained presentation of some of the principal charac- 
terizations of first-order definable languages in a single paper. This covers 
description with star-free expressions, recognizability by aperiodic monoids 
and definability in linear temporal logic. We also introduce the notion of a 
counter-free Biichi automaton which is somewhat missing in the literature 
so far. We relate counter-freeness to the aperiodicity of the transformation 
monoid. We also show that first-order definable languages can be charac- 
terized by very weak alternating automata using the concept of aperiodic 
automata. In some sense the main focus in our paper is the explanation of 
the following theorem. 


Theorem 1.1. Let L be a language of finite or infinite words over a finite 
alphabet. Then the following assertions are equivalent: 


1. L is first-order definable. 
2. L is star-free. 
L is aperiodic. 


L is definable in the linear temporal logic LTL. 


OF E Co 


L is first-order definable with a sentence using at most 3 names for vari- 
ables. 


6. L is accepted by some counter-free Biichi automaton. 
7. Lis accepted by some aperiodic Biichi automaton. 
8. L is accepted by some very weak alternating automaton. 


Besides, the paper covers related results. The translation from first- 
order to LTL leads in fact to the pure future fragment of LTL, i.e., the 
fragment without any past tense operators. This leads to the separation 
theorem for first-order formulae in one free variable as we shall demonstrate 
in Section 9. We also show that aperiodicity (i.e., first-order definability) of 
a regular oo-language can be decided in polynomial space, if the language 
is specified by some Biichi automaton. 

Although the paper became much longer than expected, we know that 
much more could be said. We apologize if the reader’s favorite theorem is 
not covered in our survey. In particular, we do not speak about varieties, 
and we gave up the project to cover principle results about the fragment 
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of first-order logic which corresponds to unary temporal logic. These dia- 
monds will continue to shine, but not here, and we refer to [30] for more 
background. As mentioned above, we use Büchi automata, but we do not 
discuss deterministic models such as deterministic Muller automata. 

The history of Theorem 1.1 is related to some of the most influential 
scientists in computer science. The general scheme is that the equivalences 
above have been proved first for finite words. After that, techniques were 
developed to generalize these results to infinite words. Each time, the gen- 
eralization to infinite words has been non-trivial and asked for new ideas. 
Perhaps, the underlying reason for this additional difficulty is due to the 
fact that the subset construction fails for infinite words. Other people may 
say that the difficulty arises from the fact that regular w-languages are not 
closed in the Cantor topology. The truth is that combinatorics on infinite 
objects is more complicated. 

The equivalence of first-order definability and star-freeness for finite 
words is due to McNaughton and Papert [19]. The generalization to in- 
finite words is due to Ladner [15] and Thomas [31, 32]. These results have 
been refined, e.g. by Perrin and Pin in [24]. Based on the logical framework 
of Ehrenfeucht-Fraissé-games, Thomas also related the quantifier depth to 
the so-called dot-depth hierarchy, [33, 35]. Taking not only the quantifier 
alternation into account, but also the length of quantifier blocks one gets 
even finer results as studied by Blanchet-Sadri in [2]. 

The equivalence of star-freeness and aperiodicity for finite words is due 
to Schützenberger [28]. The generalization to infinite words is due to Perrin 
[23] using the syntactic congruence of Arnold [1]. These results are the basis 
allowing to decide whether a regular language is first-order definable. 

Putting these results together one sees that statements 1, 2, and 3 in 
Theorem 1.1 are equivalent. From the definition of LTL it is clear that 
linear temporal logic describes a fragment of FO", where the latter means 
the family of first-order definable languages where the defining sentence uses 
at most three names for variables. Thus, the implications from 4 to 5 and 
from 5 to 1 are trivial. The highly non-trivial step is to conclude from 1 (or 
2 or 3) to 4. This is usually called Kamp’s Theorem and is due to Kamp 
[13] and Gabbay, Pnueli, Shelah, and Stavi [9]. 

In this survey we follow the algebraic proof of Wilke which is in his 
habilitation thesis [38] and which is also published in [39]. Wilke gave the 
proof for finite words, only. In order to generalize it to infinite words we 
use the techniques from [5], which were developed to handle Mazurkiewicz 
traces. Cutting down this proof to the special case of finite or infinite words 
leads to the proof presented here. It is still the most complicated part in the 
paper, but again some of the technical difficulties lie in the combinatorics of 
infinite words which is subtle. Restricting the proof further to finite words, 
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the reader might hopefully find the simplest way to pass from aperiodic 
languages to LTL. But this is also a matter of taste, of course. 

Every first-order formula sentence can be translated to a formula in FO®. 
This is sharp, because it is known that there are first-order properties which 
are not expressible in FO”, which characterizes unary temporal logic [7] over 
infinite words. 

The equivalence between definability in monadic second order logic, reg- 
ular languages, and acceptance by Biichi automata is due to Biichi [3]. 
However, Biichi automata are inherently non-deterministic. In order to 
have deterministic automata one has to move to other acceptance conditions 
such as Muller or Rabin-Streett conditions. This important result is due to 
McNaughton, see [18]. Based on this, Thomas [32] extended the notion of 
deterministic counter-free automaton to deterministic counter-free automa- 
ton with Rabin-Streett condition and obtained thereby another characteri- 
zation for first-order definable w-languages. There is no canonical object for 
a minimal Büchi automaton, which might explain why a notion of counter- 
free Buchi automaton has not been introduced so far. On the other hand, 
there is a quite natural notion of counter-freeness as well as of aperiodicity 
for non-deterministic Biichi automata. (Aperiodic non-deterministic finite 
automata are defined in [16], too.) For non-deterministic automata, aperi- 
odicity describes a larger class of automata, but both counter-freeness and 
aperiodicity can be used to characterize first-order definable w-languages. 
This is shown in Section 11 and seems to be an original part in the paper. 

We have also added a section about very weak alternating automata. 
The notion of weak alternating automaton is due to Muller, Saoudi, and 
Schupp [21]. A very weak alternating automaton is a special kind of weak 
alternating automaton and this notion has been introduced in the PhD 
thesis of Rhode [27] in a more general context of ordinals. (In the paper 
by Léding and Thomas [17] these automata are called linear alternating.) 
Section 13 shows that very weak alternating automata characterize first- 
order definability as well. More precisely, we have a cycle from 3 to 6 to 7 
and back to 3, and we establish a bridge from 4 to 8 and from 8 to 7. 

It was shown by Stern [29] that deciding whether a deterministic finite 
automaton accepts an aperiodic language over finite words can be done 
in polynomial space, i.e., in PSPACE. Later Cho and Huynh showed in [4] 
that this problem is actually PSPACE-complete. So, the PSPACE-hardness 
transfers to (non-deterministic) Biichi automata. It might belong to folklore 
that the PSPACE-upper bound holds for Biichi automata, too; but we did 
not find any reference. So we prove this result here, see Proposition 12.3. 

As said above, our intention was to give simple proofs for existing re- 
sults. But simplicity is not a simple notion. Therefore for some results, 
we present two proofs. The proofs are either based on a congruence lemma 
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established for first-order logic in Section 10.1, or they are based on a split- 
ting lemma established for star-free languages in Section 3.1. Depending on 
his background, the reader may wish to skip one approach. 


2 Words, first-order logic, and basic notations 


By P we denote a unary predicate taken from some finite set of atomic 
propositions, and x, y,... denote variables which represent positions in finite 
or infinite words. The syntax of first-order logic uses the symbol | for 
false and has atomic formulae of type P(x) and x < y. We allow Boolean 
connectives and first-order quantification. Thus, if y and w are first-order 
formulae, then ~y, y V = and Jzy are first-order formulae, too. As usual 
we have derived formulae such as x < y, x = y, pAW = a(g V ay), 
Vay = 7-day and so on. 

We let © be a finite alphabet. The relation between © and the set of unary 
predicates is that for each letter a € X and each predicate P the truth-value 
P(a) must be well-defined. So, we always assume this. Whenever convenient 
we include for each letter a a predicate P, such that P,(b) is true if and 
only if a = b. We could assume that all predicates are of the form P,, but 
we feel more flexible of not making this assumption. If x is a position in a 
word with label a € £, then P(x) is defined by P(a). 

By b* (resp. ©”) we mean the set of finite (resp. infinite) words over 
£, and we let Z = X* UL. The length of a word w is denoted by |w], it 
is a natural number or w. A language is a set of finite or infinite words. 

Formulae without free variables are sentences. A first-order sentence 
defines a subset of X° in a natural way. Let us consider a few examples. We 
can specify that the first position is labeled by a letter a using 3zYy Pa (x) A 
x < y. We can say that each occurrence of a is immediately followed by b 
with the sentence Vx ~P, (x) V dy x < y A Ply) AVz ale <zAz<y). We 
can also say that the direct successor of each b is the letter a. Hence the 
language (ab)” is first-order definable. We can also say that a last position 
in a word exists and this position is labeled b. For a Æ b this leads almost 
directly to a definition of (ab)*. But (aa)* cannot be defined with a first- 
order sentence. A formal proof for this statement is postponed, but at least 
it should be clear that we cannot define (aa)* the same way as we did for 
(ab)*, because we have no control that the length of a word in a* is even. 

The set of positions pos(w) is defined by pos(w) = {i € N| 0 <i < |w}}. 
We think of pos(w) as a linear order where each position i is labeled with 
A(t) € X, and w = XA(O)A(1)- «=. 

A k-structure means here a pair (w,p), where w € X® is a finite or 
infinite word and P = (pi,...,px) is a k-tuple of positions in pos(w). The 
set of all k-structures is denoted by uth and the subset of finite structures 
is denoted by UK): For simplicity we identify °° with 46): 
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Let 7 be a k-tuple (a1,...,2%) of variables and y be a first-oder formula 
where all free variables are in the set {21,...,2,}. The semantics of 


(w, (pi,---,PR)) FY 


is defined as usual: It is enough to give a semantics to atomic formulae, 
and (w, (p1,---,Pk)) H| P(xi) means that the label of position p; satisfies 
P, and (w, (pi,...,pr)) Æ xi < xj means that position p; is before position 
Pj, 1e., Pi < pj. 

With every formula we can associate its language by 


L(y) = {(w,B) € B®, | P) Fo}. 


In order to be precise we should write £y,(y), but if the context is clear, 
we omit the subscript ©, k. 


Definition 2.1. By FO(*) (resp. FO(°)) we denote the set of first- 
order definable languages in ©* (resp. X%), and by FO we denote the 
family of all first-order definable languages. Analogously, we define families 
FO"(*), FO"(2°°), and FO” by allowing only those formulae which use 
at most n different names for variables. 


3 Star-free sets 
For languages K, L C X° we define the concatenation by 


K-L={w|uekKns*,veL}. 


The n-th power of L is defined inductively by L° = {e} and L”*! = L. L”. 
The Kleene-star of L is defined by L* = U5, L”. Finally, the w-iteration 
of L is 

LY = {upurug::: | u; E LM d* for all į > 0}. 


We are interested here in families of regular languages, also called ratio- 
nal languages. In terms of expressions it is the smallest family of languages 
which contains all finite subsets, which is closed under finite union and 
concatenation, and which is closed under the Kleene-star (and w-power). 
The relation to finite automata (Biichi automata resp.) is treated in Sec- 
tion 11. For the main results on first-order languages the notion of a Büchi 
automaton is actually not needed. 

The Kleene-star and the w-power do not preserve first-order definability, 
hence we consider subclasses of regular languages. A language is called 
star-free, if we do not allow the Kleene-star, but we allow complementation. 
Therefore we have all Boolean operations. In terms of expressions the class 
of star-free languages is the smallest family of languages in X° (resp. D*) 
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which contains &*, all singletons {a} for a € X, and which is closed under 
finite union, complementation and concatenation. It is well-known that 
regular languages are closed under complement, hence star-free languages 
are regular. 

As a first example we note that for every A C © the set A* (of finite 
words containing only letters from A) is also star-free. We have: 


A* = 5* \ rae). 


In particular, {e} = @* is star-free. Some other expressions with star are 
also in fact star-free. For example, for a 4 b we obtain: 


(ab)* = (ad* N d*d) \ E* (£? \ {ab, ba})d*. 


The above equality does not hold, if a = b. Actually, (aa)* is not star-free. 
The probably best way to see that (aa)* is not star-free, is to show (by 
structural induction) that for all star-free languages L there is a constant 
n € N such that for all words x we have x” € L if and only if 2"*! e L. 
The property is essentially aperiodicity and we shall prove the equivalence 
between star-free sets and aperiodic languages later. Since (ab)* is star-free 
(for a # b), but (aa)* is not, we see that a projection of a star-free set is 
not star-free, in general. 


Definition 3.1. By SF(5*) (resp. SF(H°)) we denote the set of star-free 
languages in &* (resp. °°), and by SF we denote the family of all star-free 
languages. 


An easy exercise (left to the interested reader) shows that 
SF(>*) ={LCy* | De SF(S*)} = {LN d* | LE SF(X*)}. 


3.1 The splitting lemma 

A star-free set admits a canonical decomposition given a partition of the 
alphabet. This will be shown here and it is used to prove that first-order 
languages are star-free in Section 4 and for the separation theorem in Sec- 
tion 9. The alternative to this section is explained in Section 10, where the 
standard way of using the congruence lemma is explained, see Lemma 10.2. 
Thus, there is an option to skip this section. 


Lemma 3.2. Let A, B C X be disjoint subalphabets. If L € SE(£%®) then 
we can write 
LO BAB? = |] KiaiLi 
l<i<n 
where a; € A, Ki € SF(B*) and L; E SF(B™) for all l <i<n. 


1 We do not need this standard result here. 
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Proof. Since B* AB = |J e B*aB”, it is enough to show the result when 
A = {a}. The proof is by induction on the star-free expression and also on 
the alphabet size. (Note that |B| < |X|.). The result holds for the basic 
star-free sets: 


e If L= {a} with a € A then LN B*AB™ = {e}afe}. 
e If L= {a} with a ¢ A then LN B* AB™ = Ga@ (or we let n = 0). 
e If L=>* then LN B* AB™ = B* AB". 


The inductive step is clear for union. For concatenation, the result follows 
from 


(L. L’) A B*AB™ = (LA B* AB®™)-(L'N B®) U (LN B*)- (L'A B* AB®). 


It remains to deal with the complement X% \ L of a star-free set. By 
induction, we have LM B*aB™® = U,<;<, Kiali. If some K; and K; are 
not disjoint (for i Æ j), then we can rewrite 


Kal, U KjaLj T (Ki \ K;)aLi U (Ki \ KijaLj U (Ki N K,)a(L; U L;). 


We can also add (B* \ U; Ki)a@ in case |]; K; is strictly contained in B*. 
Therefore, we may assume that {K; | 1 < i < n} forms a partition of B*. 
This yields: 


(SLB as = |] Kia(B®™ \ Li). 


l<i<n 


4 From first-order to star-free languages 


This section shows that first-order definable languages are star-free lan- 
guages. The transformation is involved in the sense that the resulting ex- 
pressions are much larger than the size of the formula, in general. The proof 
presented here is based on the splitting lemma. The alternative is again in 
Section 10. 


Remark 4.1. The converse that star-free languages are first-order definable 
can be proved directly. Although strictly speaking we do not use this fact, 
we give an indication how it works. It is enough to give a sentence for 
languages of type L = L(y)-a- L(Y). We may assume that the sentences y 
and w use different variable names. Then we can describe L as a language 
L(E€) where 


E = Az Pa(z) A vez ^ Yoz, 
where ye, and ws, relativize all variables with respect to the position of 
z. We do not go into more details, because, as said above, we do not need 
this fact. 
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We have to deal with formulae having free variables. We provide first 
another semantics of a formula with free variables in a set of words over 
an extended alphabet allowing to encode the assignment. This will also be 
useful to derive the separation theorem in Section 9. 

Let V be a finite set of variables. We define Ny = E x {0,1}”. (Do not 
confuse Sy with X(x) from above.) Let w € X% be a word and ø be an 
assignment from the variables in V to the positions in w, thus 0 < a(x) < |w] 
for all x € V. The pair (w,a) can be encoded as a word (w,o) over Uy. 
More precisely, if w = agajaz:-: then (w,o) = (ao, 70)(@1, 71)(@2, T2) °°: 
where for all 0 < i < |w| we have r;(x) = 1 if and only if o(x) = i. 
We let Ny C EẸ be the set of words (w,o) such that w € X® and ø is 
an assignment from V to the positions in w. We show that Ny is star- 
free. For x € V, let X37! be the set of pairs (a,7) with T(x) = 1 and let 
E= = Ly \ E25! be its complement. Then, 


Ny = EE EP). 
sEV 


Given a first-order formula y and a set V containing all free variables of y, 
we define the semantics [y]v C Mv inductively: 


[Pa(z)}v = {(w,0) E€ Ny | w = bobibe--- E€ E” and bg(z) = a} 
[x < y]lv = {(w, 2) E€ Ny | a(x) < o(y)} 
[Az, y]v = {(w, 0) E Ny | ,0 < i < [wl A (w, olz => i)) € [el vupey} 
lv v dv = lylv Y iy]v 
Pelv =v \ ilv. 


Proposition 4.2. Let y be a first-order formula and V be a set of variables 
containing the free variables of y. Then, [y]v € SF(=7?). 


Proof. The proof is by induction on the formula. We have 


[Pale)]v = Mv N (Bp - {(a,7) | 7(@) = 1-2) 
[x < ylv = Ny Q Ey . ye=l r Ey ` st g EY). 


The induction is trivial for disjunction and negation since the star-free sets 
form a Boolean algebra and Ny is star-free. The interesting case is existen- 
tial quantification [Az, y]y. 

We assume first that x € V and we let V’ = V U {x}. By induction, 
[¢]v is star-free and we can apply Lemma 3.2 with the sets A = Ut7! and 
B = £70. Note that Ny: C B*AB®. Hence, [y]v: = [y]v 0 B*AB& 
and we obtain [y]w = U,<;<, KiaiLi where a, € A, K; € SF(B*) and 


Li € SF(B°) for all i. Let 7: BY — XY be the bijective renaming defined 
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by m(a,7) = (a,7;v). Star-free sets are not preserved by projections but 
indeed they are preserved by bijective renamings. Hence, K; = m(K/) € 
SF(£ọ) and L; = 7(Li) € SF(D¥P). We also rename aj = (a,T) into 
a; = (a Tiv). We have [Ar,y]v = Ui<icn KiaiLi and we deduce that 
da, y]v € SF(ZFP). a 

Finally, if £ € V then we choose a new variable y ¢ V and we let 
U = (V \ {x}) U {y}. From the previous case, we get [3x, y]u E€ SE(£Ẹ). 
To conclude, it remains to rename y to a. Q.E.D. 


= 


Corollary 4.3. We have: 
FO(=*) C SF(£*) and FO(]°°) C SF(X°). 


5 Aperiodic languages 


Recall that a monoid (M,-) is a non-empty set M together with a binary 
operation - such that ((x - y): z) = (a- (y - z)) and with a neutral element 
1 € M such that x-1 = 1-x = z for all x,y,z in M. Frequently we write 
xy instead of x - y. 

A morphism (or homomorphism) between monoids M and M’ is a map- 
ping h: M — M’ such that h(1) = 1 and h(a - y) = h(x) - h(y). 

We use the algebraic notion of recognizability and the notion of aperiodic 
languages. Recognizability is defined as follows. Let h : &* — M be 
a morphism to a finite monoid M. Two words u,v € X” are said to 
be h-similar, denoted by u ~p v, if for some n € NU {w} we can write 
u = []o<cicn ui and v = [Jocje, vi with ui, vi € UT and h(u;) = h(vi) for 
all0 <i <n. The notation u = Ho<ien ui refers to an ordered product, 


it means a factorization u = uogu,-::-. In other words, u ~p v if either 
u = v = £, or u,v € Ut and h(u) = A(v) or u,v € E” and there are 
factorizations u = ugly +++, v = vovi +: with w;, v; € Ut and h(uj) = h(v;) 
for all i > 0. 


The transitive closure of ~p is denoted by jp; it is an equivalence rela- 
tion. For w € X®, we denote by [wl], the equivalence class of w under ~p. 
Thus, 

[wlan = {u | ux, wh. 


In case that there is no ambiguity, we simply write [w] instead of [w]a. Note 
that there are three cases [w] = {£}, [w] C £+, and [w] C XY. 


Definition 5.1. We say that a morphism h : )* — M recognizes L, if 
w E€ L implies |w], C L for all w € £X”. 


Thus, a language L C X is recognized by h if and only if L is saturated 
by %p (or equivalently by ~a). Note that we may assume that a recognizing 
morphism h : &* — M is surjective, whenever convenient. 


First-order languages 271 


Since M is finite, the equivalence relation %p is of finite index. More 
precisely, there are at most 1+|M|+|M|? classes. This fact can be derived by 
some standard Ramsey argument about infinite monochromatic subgraphs. 
We repeat the argument below in order to keep the article self-contained, see 
also [3, 12, 25]. It shows the existence of a so-called Ramsey factorization. 


Lemma 5.2. Let h : &* — M be a morphism to a finite monoid M and 
w = uguiu2:-- be an infinite word with u; € “t+ for i > 0. Then there 
exist s,e € M, and an increasing sequence 0 < pı < p2 <--- such that the 
following two properties hold: 


1. se = sande? =e. 
2. h(uo+++Up,-1) = s and A(up, ---Up,-1) =€ for all O <i <j. 


Proof. Let E = {(i,j) € N? | i<j}. We consider the mapping c: E > M 
defined by c(t, j) = h(u;---uj-1). We may think that the pairs (i,j) are 
(edges of an infinite complete graph and) colored by c(i, j). Next we wish 
to color an infinite set of positions. 

We define inductively a sequence of infinite sets N= No D N; D No -:- 
and a sequence of natural numbers no < ny < ng <- as follows. Assume 
that N, is already defined and infinite. (This is true for p = 0.) Choose 
any Np E Np, €.g., NM = min Np. Since M is finite and Nọ, is infinite, there 
exists cp E€ M and an infinite subset Np+ı C Np such that c(np,m) = cp 
for all m € Np+41. Thus, for all p € N infinite sets Np are defined and 
for every position n, we may choose the color cp. Again, because M is 
finite, one color must appear infinitely often. This color is called e and it is 
just the (idempotent) element of M we are looking for. Therefore we find 


a strictly increasing sequence po < pı < p2 <--- such that cp, = e and 
hence e = h(up, ---Up;—1) for all 0 < i < j. Note that e = c(np),np.) = 
C(Npo; Mp, )C(Np,; Npa) = e°. Moreover, if we set s = h(uo---Up,—1), we 
obtain 


s= c(0, Np, ) = c(0, Nipo )C(Npy ’ Np.) a c(0, Np )C(Npo Np, )e(np, ’ Npa) = se. 
This is all we need. Q.E.D. 


The lemma implies that for each (infinite) word w we may choose some 
(s,e) € M x M with s = se and e = e? such that w € h™!(s)(h™t(e))”. 
This establishes that ~p has at most |M|? classes [w] where w is infinite; 
and this in turn implies the given bound 1 + |M] + |M}. 

Pairs (s,e) € M x M with s = se and e = e? are also called linked pair. 


Remark 5.3. The existence of a Ramsey factorization implies that a lan- 
guage L C X“ recognized by a morphism h from X* to some finite monoid M 
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can be written as a finite union of languages of type UV”, where U,V C X* 
are recognized by h and where moreover U = h7!(s) and V = h~‘(e) for 
some s,e € M with se = s and e? = e. In particular, we have UV C U and 
VV C V. Since {c}” = {e}, the statement holds for L C X* and L C X% 
as well. 


A (finite) monoid M is called aperiodic, if for all x € M there is some 
n € N such that 2” = g+, 


Definition 5.4. A language L C X% is called aperiodic, if it is recognized 
by some morphism to a finite and aperiodic monoid. By AP(5*) (resp. 
AP(X°%)) we denote the set of aperiodic languages in * (resp. °°), and 
by AP we denote the family of aperiodic languages. 


6 From star-freeness to aperiodicity 


Corollary 4.3 (as well as Proposition 10.3) tells us that all first-order defin- 
able languages are star-free. We want to show that all star-free languages 
are recognized by aperiodic monoids. Note that the trivial monoid recog- 
nizes the language &*, actually it recognizes all eight Boolean combinations 
of {e} and XY. 

Consider next a letter a. The smallest recognizing monoid of the single- 
ton {a} is aperiodic, it has just three elements 1,a,0 with a-a = 0 and 0 is 
a zero, this means z -y = 0 as soon as 0 € {x,y}. 

Another very simple observation is that if L; is recognized by a morphism 
hi : &* — M; to some finite (aperiodic) monoid Mj, i = 1,2, then (the direct 
product Mı x Mə is aperiodic and) the morphism 


h:d* + Mı x Mə, we (hi(w), ha(w)) 


recognizes all Boolean combinations of Lı and Lə. 

The proof of the next lemma is rather technical. Its main part shows 
that the family of recognizable languages is closed under concatenation. 
Aperiodicity comes into the picture only at the very end in a few lines. 
There is alternative way to prove the following lemma. In Section 11 we 
introduce non-deterministic counter-free Biichi automata which can be used 
to show the closure under concatenation as well, see Lemma 11.3. 


Lemma 6.1. Let L C &* and K C X” be aperiodic languages. Then L. K 
is aperiodic. 


Proof. As said above, we may choose a single morphism h : &* — M to 
some finite aperiodic monoid M, which recognizes both L and K. 

The set of pairs (h(u), h(v)) with u,v € d* is finite (bounded by |M|?) 
and so its power set S' is finite, too. We shall see that there is a monoid 
structure on some subset of S such that this monoid recognizes L- K. 
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To begin with, let us associate with w € &* the following set of pairs: 


g(w) = {(h(u), h(w)) | w = w}. 


The finite set g(*) C S is in our focus. We define a multiplication by: 


g(w) - g(w’) = g(ww’) 
= {(h(wu’), A(v’)) | w = uv} U {(h(u), Aww’) | w = w}. 


The product is well-defined. To see this, observe first that (h(w),h(v)) € 
g(w) implies h(w) = h(u)h(v) since h is a morphism. Thus, the set g(w) 
knows the element h(w). Second, h(wu’) = h(w)h(u’) since h is a morphism. 
Hence, we can compute {(h(wu’), h(v’)) | w = u'v'} from g(w) and g(w’). 
The argument for the other component is symmetric. 

By the very definition of g, we obtain a morphism 


g:B* > g(S"). 


In order to see that g recognizes L- K consider u € L- K and v such that 
we can write u = [[ocjen ui and v = JJocicn vi with ui, vi E ET and 
glui) = g(v;) for all 0 < i < n. We have to show v € L- K. We have 


u € L: K =(LMx*)-K. Hence, for some index j we can write uj = uiu” 


gO 
with 

( II wise and ws II u) EK. 

0<i<j j<i<n 
Now, g(us:) = g(vi) implies h(u;) = h(v;). Moreover, uj = uju” ; implies 


(h(uj), Ps) 
h(v Yan d h(ui 


gw 
€ g(uj) = g(v;). Hence we can write vj = v}v} with h(ui) = 
= hiv 1). Therefore 


( II njyez and a II «] Eek 
0<i<j j<i<n 


and v € L- K, too. 

It remains to show that the resulting monoid is indeed aperiodic. To 
see this choose some n > 0 such that 2” = z”+! for all x € M. Consider 
any element g(w) € g(©*). We show that g(w)?” = g(w)?"*!. This is 
straightforward: 


g(w)?” = g(w?") = {(r(w*u), h(vw™)) | w = uv, k+m = 2n-1}. 


If k+m = 2n—1 then either k > n or m > n. Hence, for each pair, we have 
either (h(w*u), h(vw™)) = (h(w*ttu), h(vw™)) or (h(wru), h(vw™)) = 
(h(w*u), h(vw™*")). The result follows. Q.E.D. 


274 V. Diekert, P. Gastin 


Proposition 6.2. We have SF C AP or more explicitly: 
SF(=*) C AP(5*) and SF(=*) C AP(X°). 


Proof. Aperiodic languages form a Boolean algebra. We have seen above 
that AP contains &* and all singletons {a}, where a is a letter. Thus, 
star-free languages are aperiodic by Lemma 6.1. Q.E.D. 


7 From LTL to FO’ 
The syntax of LTLy[XU, YS] is given by 


gu= llal-p|yve|exXUg|pYSy, 


where a ranges over X. When there is no ambiguity, we simply write LTL 
for LTLy[XU, YS]. We also write LTLy|XU] for the pure future fragment 
where only the nezt-until modality XU is allowed. 

In order to give a semantics to an LTL formula we identify each y € 
LTL with some first-order formula y(x) in at most one free variable. The 
identification is done by structural induction. T and _ still denote the truth 
value true and false, the formula a becomes a(x) = P,(x). The formulae 
neXt-Until and Yesterday-Since are defined by: 


z: au<zAyplz)AVy: 7<y<z- ly). 
z: 2>zAv(z)AVy: ©>y>2z- oly). 


It is clear that each LTL formula becomes under this identification a 
first-order formula which needs at most three different names for variables. 
For simplicity let us denote this fragment by FO?, too. Thus, we can write 
LTL C FO?. 

As usual, we may use derived formulas such as X y = L XU ọ (read neXt 
e), pUy = yV (pA (~XUY)) (read y Until y), Fp = T Uy (read Future 
p), ete. 

Since LTL C FO? a model of an LTL» formula y is a word v = 
apajaz2+:: E€ A® \ {e} together with a position 0 <i < |v] (the alphabet A 
might be different from X). 

For a formula y € LTLy and an alphabet A, we let 


Lale) = {v € A™ \ {e} | v,0 E p}. 


We say that a language L C A” is definable in LTLsy if L \ {e} = Laly) 
for some y € LTLys. Note that the empty word £ cannot be a model of a 
formula. To include the empty word, it will be convenient to consider for 
any letter c (not necessarily in A), the language 


Le alg) = {v € A® | cv, 0 E p} 
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Remark 7.1. When we restrict to the pure future fragment LTLy|XU] the 
two approaches define almost the same class of languages. Indeed, for each 
formula y € LTLs[XU], we have La(y) = Le,a(X¢) \ {e}. Conversely, for 
each formula y there is a formula Y such that LA(P) = Lea(y) \ {£}. The 
translation is simply yp XU y = y U Y, €=T and T = L if a Æ c, and as 
usual =O = -Ọ and yV Yy =F VY. 


8 From AP to LTL 


8.1 A construction on monoids 


The passage from AP to LTL is perhaps the most difficult step in completing 
the picture of first-order definable languages. We shall use an induction on 
the size of the monoid M, for this we recall first a construction due to [5]. 

For a moment let M be any monoid and m € M an element. Then 
mM N Mm is obviously a subsemigroup, but it may not have a neutral 
element. Hence it is not a monoid, in general. Note that, if m 4 1m and M 
is aperiodic, then 1m ¢ mM N Mm. Indeed, assume that 1y € mM and 
write ly = max with x € M. Hence ly = m”gr” for all n, and for some 
n > 0 we have m” = m"*!. Taking this n we see: 

ly = ma” = mtir” = m(m"2") = mim = m. 

Therefore |mM N Mm| < |M], if M is aperiodic and if m # 1m. 

It is possible to define a new product o such that mM M Mm becomes 
a monoid where m is a neutral element: We let 


zm omy = rmy 


for crm, my € mM N Mm. This is well-defined since rm = x'm and my = 
my’ imply rmy = x'my'. The operation is associative and moz = zom = z. 
Hence (mM N Mm, 0,m) is indeed a monoid. Actually it is a divisor of M. 
To see this consider the submonoid N = {x € M | am € mM}. (Note that 
N is indeed a submonoid of M.) Clearly, the mapping x +> «2m yields 
a surjective morphism from (N,-, 1m) onto (mM N Mm,o,m), which is 
therefore a homomorphic image of the submonoid N of M. In particular, if 
M is aperiodic, then (mM N Mm, o,m) is aperiodic, too. The construction 
is very similar to a construction of what is known as local algebra, see [8, 20]. 
Therefore we call (mM MMm,o,m) the local divisor of M at the element 
m. 


8.2 Closing the cycle 
Proposition 8.1. We have AP C LTL. More precisely, let L C X° bea 
language recognized by an aperiodic monoid M. 


(1) We can construct a formula p € LTLy[XU] such that L \ {e} = Lu(y). 
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(2) For any letter c (not necessarily in ©), we can construct a formula 
p € LTLy|[XU] such that L = Le shp). 


Proof. Note first that (1) follows from (2) by Remark 7.1. The proof of (2) 
is by induction on (|M], |E|) (with lexicographic ordering). Let h : &* — M 
be a morphism to the aperiodic monoid M. The assertion of Proposition 8.1 
is almost trivial if h(c) = 1m for all c € X. Indeed, in this case, the set 
L is a Boolean combination of the sets {£}, H+ and X“ which are easily 
definable in LTLy[XU]: we have {e£} = Les( =X T), E+ = Les(XF=XT) 
and OY = Les(nF~aXT). Note that when |M| = 1 or |X| = 0 then we 
have h(c) = 1m for all c € © and this special case ensures the base of the 
induction. 

In the following, we fix a letter c € X such that h(c) 4 1m and we let 
A= \{c}. We define the c-factorization of a word v € X”. If v € (A*c)” 
then its c-factorization is v = vgcv;cuec::: with v; € A* for alli > 0. If 
v E€ (A*c)*A®™ then its c-factorization is v = vocvic: +: Uk—1CUk Where k > 0 
and v; E€ A* for 0 < i < k and vk E€ A”. 

Consider two new disjoint alphabets T; = {h(u) | u € A*} and To = 
{[u]a | u E A®}. Let T = Tı © T> and define the mapping o : £” — T” 
by o(v) = h(vo)h(vi)h(v2)--- € TP if v € (A*c)” and its c-factorization 
is v = vocvicvzc---, and o(v) = h(vo)h(v1) ++ h(vk-1)luk]a € TIT if v € 
(A*c)*A® and its c-factorization is v = Vocv1c:  : Uk—1CUk. 


Lemma 8.2. Let L C U° be a language recognized by h. There exists 
a language K C T” which is definable in LTLr[XU] and such that L = 
o™t(K). 


Proof. We have seen that the local divisor M’ = h(c)M N Mh(c) is an 
aperiodic monoid with composition o and neutral element h(c). Moreover, 
|M'| < |M] since h(c) # 1m. Let us define a morphism g : T* — M’ as 
follows. For m = h(u) € T; we define g(m) = h(c)mh(c) = h(cuc). For 
m € T we let g(m) = h(c), which is the neutral element in M”. 

Let Ko = {[u]n | u € LOA A®} C To. We claim that LN A® = o™t (Ko). 
One inclusion is clear. Conversely, let v € o~!(Ko). There exists u € LNA® 
such that o(v) = [u]a € To. By definition of ø, this implies v € A® and 
uv Xp u. Since u € L and L is recognized by h, we get v € L as desired. 

For n € Tı and m € To, let Kn,m = nTimN n|nto(L) N Tym], and 
let Kı = Unet, mer, nm. We claim that LN (A*e)t+A® = o1(K)). 
Let first v € LN (A*c)t A® and write v = vocu- -cvp its c-factorization. 
With n = h(vo) and m = [vg]n we get o(v) E€ Knm. Conversely, let 
v € o7'(Knm) with n € Tı and m € To. We have v € (A*c)tA® and 
its c-factorization is v = vocu +- cvg with k > 0, h(vo) = n and [vg], = 
m. Moreover, x = h(v1)-++h(vp—1)[veln € [n to(L) N Tym], hence we 
find y € Třm with g(x) = g(y) and ny € o(L). Let u € L be such 
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that o(u) = ny € nTj'm. Then u € (A*c)*A®™ and its cfactorization is 
u = uocur:+-cug with £ > 0, h(uo) = n and [us], = m. By definition 
of g, we get h(cuic:+-cvpg_1c) = g(x) = gly) = h(cuic---cue_ic). Using 
h(vo) = n = h(uo) and [vk]a = m = [ueln, we deduce that v ~p u. Since 
u € L and L is recognized by h, we get v € L as desired. 

For n € Tj, let Kn w = = nTerm|n- to(L)OTY]; and let Kz = Uner, Kn,w- 
As above, we shall show that LN (A*c)” = o™!(K2). So let v € LA (A*c)” 
and consider its c-factorization v = vocvicvz:-:. With n = h(vo), we get 
a(v) € Ky. To prove the converse inclusion we need some auxiliary results. 

First, if £ ~g y ~g z with x € T” and ly|7, < w then x ~g z. Indeed, 
in this case, we find factorizations x = zoxız2::: and y = yoy1yo:-: with 
xi € Tt, yo € TĦ and y; € T3 for i > 0 such that g(x;) = g(y;) for all 
i > 0. Similarly, we find factorizations z = z9z122--- and y = ygyiy4--: 
with z; € T+, yh € TĦ and y! € T3 for i > 0 such that g(z;) = g(y;) for all 
i > 0. Then, we have g(x;) = g(yi) = h(c) = gly) = g(z) for all i > 0 and 
g(zo) = glyo) = 9(¥6) = g(Zo) since yo and yf contain all letters of y from 
Tı and g maps all letters from T> to the neutral element of M”. 

Second, if x ~g y ~g z with |yl7, = w then £z ~g y’ ~g z for some 
y’ € TY. Indeed, in this case, we find factorizations £ = xp%1%2--- and 
y = yoyiy2-:: with x; € Tt, and y; € T*T,T* such that g(x) = g(yi) 
for alli > 0. Let y; be the projection of y; to the subalphabet Tı and let 
y’ = yoyiye::: € TP. We have g(y:) = g(y;), hence x ~g y’. Similarly, we 
get y’ ~g z. 

Third, if oa(u) ~g o(v) with u,v € (A*c)” then cu %p cv. Indeed, since 
u,v € (A*c)”, the c-factorizations of u and v are of the form ucuzc--- and 
vcvc: + with u;, v; € A*. Using o(u) ~g ae ), we find new factorizations 
u = ucube: and v = viceve: with ul, v; © (A*c)*A* and h(cuic) = 
h(cvic) for all i > 0. We deduce 


cu = (cu\c)us(cugc)uy +++ ~p (cvi c)us(cvgc)ul, +++ = cvi (cuge)v4 (cule) -> 


~p CV, (CURC)U5 ee = cv. 


We come back to the proof of o™!(Kn w) C LM (A*c). So let u € 
oa! (Knw). We have u € (A*c)” and o(u) = ng € nT? with x € [n~to(L)N 
Tyg. Let y € TY be such that x %4 y and ny € o(L). Let v € L with 
a(v) = ny. We may write u = uocu’ and v = vocv’ with uo, vo E A*, 
h(uo) = n = h(vo), u,v’ € (A*c)®, x = o(u’) and y = o(v’). Since £ ~g y, 
using the first two auxiliary results above and the fact that the mapping 
a: (A*c)* > TY is eee we get oa(u’) ~g o(w1) ~g =: ~g olwk) ~g 

a ') for some w1,..., Wp E (A*c)”. From the third auxiliary result, we get 
cu’ Xp cv’. Hence, using h(uo) = h(vo), we obtain u = uocu’ Xp, vocu’ = v. 
Since v € L and L is recognized by h, we get u € L as desired. 
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Finally, let K = Ko UK, U K2. We have already seen that L = 0~!(K). 
It remains to show that K is definable in LTLr[XU]. Let N C T™, 
then, by definition, the language [N], is recognized by g which is a mor- 
phism to the aperiodic monoid M’ with |M’| < |M|. By induction on 
the size of the monoid, we deduce that for all n € Tı and N C T° 
there exists y € LTLr[XU] such that [N], = Ln,r(y). We easily check 
that nEn r(y) = Lr(n Av). Therefore, the language n[N], is definable 
in LTLy[XU]. Moreover, Ko, nTřm and nT}? are obviously definable in 
LTL7[XU]. Therefore, K is definable in LTL7[XU]. Q.E.D. (Lemma 8.2) 


Let b € X be a letter. For a nonempty word v = agajag--: E€ X \ {e} 
and a position 0 < i < |u|, we denote by u(v,i) the largest factor of 
v starting at position 7 and not containing the letter b except maybe a;. 
Formally, up(v, i) = aiai+1 + -ag where L = max{k |i < k < |v| and aj # 
b for alli < j < k}. 


Lemma 8.3 (Lifting). For each formula p € LTLs[XU], there exists a 
formula P? € LTLy[XU] such that for each v € £” \ {e} and each 0 < i < |v], 
we have v,i | p? if and only if (v, i), 0 H Q. 


Proof. The construction is by structural Ei a on y. We let @ = a. 
Then, we have =p = =p" and pV P = =V P as usual. For next-until, 
we define p XUY = (A7 P) XU (bA y s 

Assume that v, i K y XUY% p . We find i < k < |v| such that v, k = bAT 
and v, j E =b A p} for all i < j < k. We deduce that py(v, i) = aiai+1 -ae 
with £ > k and that m(v,i),k — i H wv and mlv, i), j — i H ọ for all 
i< j < k. Therefore, (v,i), 0 H p XU y as desired. The converse can be 
shown similarly. Q.E.D. (Lemma 8.3) 


Lemma 8.4. For all € € LTL7[XU], there exists a formula fe LTLy [XU] 
such that for all v € £” we have cv,0 } € if and only if o(v),0 = £. 


Proof. The proof is by structural induction on €. The difficult cases are for 
the constants m € T) or m € To. 

Assume first that € = m € Tı. We have o(v),0 — m if and only if 
v = ucv' with u € A*Nh~'(m). The language A* Nh~!(m) is recognized by 
the restriction h;4 : A* — M. By induction on the size of the alphabet, we 
find a formula Ym € LTLA[XU] such that Le, „AlPm) = A* Nh !(m). We let 
Mm = Ym ^A XFc. By Lemma 8.3, we have cv, 0 H m if and only if v = ucv’ 
with u € A* and p-(cv,0),0 H Ym. Since Paon = cu, we deduce that 
cv, 0 H m if and only if v = ucv’ with u € Le A(pm) = A* N A" (m). 

Next, assume that € = m € To. We have o(v) = m if and only if 
v € A” Nm (note that letters from Tz can also be seen as equivalence 
classes which are subsets of X°). The language A% N m is recognized by 
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the restriction hja. By induction on the size of the alphabet, we find a 
formula Ym E LTLA[XU] such that Le, A(Ym) = A® Nm. Then, we let 
M = Ym ^An XF c and we conclude as above. 

Finally, we let “é = £, EV by = & vê and for the modality next-until 
we define ¿1 XU £z = (~c V ĉ&) U (c A &). 

Assume that o(v),0 H & XU £z and let 0 < k < |a(v)| be such that 
o(v),k H & and o(v),j H & for all 0 < j < k. Let vocvicugc::- be 
the c-factorization of v. Since the logics LTLr[XU] and LTLy|XU] are pure 
future, we have o(v),k — & if and only if o(vgcvk+1 +), 0 = & if and only 


if (by induction) cvgcvg+1 +- ,0 H & if and only if cv, |cvo -+ - cug—1| H &2. 


Similarly, o(v),j H & if and only if cv, |cvg--+cvj-1] H 1. Therefore, 


——_ 


cv,0 H= & XU &9. The converse can be shown similarly. Q.E.D. (Lemma 8.4 


We conclude now the proof of Proposition 8.1. We start with a language 
LC £” recognized by h. By Lemma 8.2, we find a formula € € LTLr[XU 
such that L = o~'(£r(€)). Let E be the formula given by Lemma 8.4. 
We claim that L = Lox(€). Indeed, for v € X°, we have v € Los (€) if 
and only if cv,0 H £ if and only if (Lemma 8.4) o(v),0 — £ if and only if 
a(v) € L£r(€) if and only if v € a '(Lr(€)) auf, Q.E.D. (Proposition 8.1 


9 The separation theorem 


As seen in Section 7, an LTLy[YS, XU] formula y can be viewed as a first- 
order formula with one free variable. The converse, in a stronger form, is 
established in this section. 


Proposition 9.1. For all first-order formulae € in one free variable we 
find a finite list (Kj, ai, Li)i=1,....n where each K; € SF(%*) and each L; € 


jasay 


SF(X%®) and a; is a letter such that for all u € &*, a € X and v € X” we 
have 


(uav, |u|) = € if and only if u € Kj,a = a; and v € L; for some 1<i<n. 


Proof. By Proposition 4.2, with V = {x} we have [ė]v € SE(£ẹF). Hence, 
we can use Lemma 3.2 with A = D=! and B = Ut>°. Note that Ny = 
B*AB®™®. Hence, we obtain 


[v= U Ki- a, L; 


with a; € A, K; € SF(B*) and L; € SF(B°®) for alli. Let m : BY — X” be 
the bijective renaming defined by n(a,T) = a. Star-free sets are preserved 
by injective renamings. Hence, we can choose K; = (K!) € SF(*) and 
Li = 7(Lt) E SE(£®). Note also that aj = (a;,1) for some a; EX. Q.E.D. 
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Theorem 9.2 (Separation). Let E(x) € FOs(<) be a first-order formula 
with one free variable x. Then, (x) = ¢(x) for some LTL formula Ç € 
LTL3[YS, XU]. Moreover, we can choose for ¢ a disjunction of conjunctions 
of pure past and pure future formulae: 


VV Yi Nai A Yi 


1<i<n 


where p; € LTLy[YS], ai E€ © and y; € LTLs[XU]. In particular, every 
first-order formula with one free variable is equivalent to some formula in 
FO®, 


Note that we have already established a weaker version which applies 
to first-order sentences. Indeed, if £ is a first-order sentence, then L(y) is 
star-free by Proposition 10.3, hence aperiodic by Proposition 6.2, and finally 
definable in LTL by Proposition 8.1. The extension to first-order formulae 
with one free variable will also use the previous results. 


Proof. By Proposition 9.1 we find for each £ a finite list (Kj, ai, Li)i=1,...,n 
where each K; € SF(=*) and each L; € SF(X°) and a; is a letter such 
that for all u € X*, a € X and v € X” we have 


(uav, |u|) = € if and only if u € Ki,a = a; and v € L; for some 1<i<n. 


ee 
For a finite word bo---bm where b; are letters we let bo: -bm = bm 
This means we read words from right to left. For a language K C b* 
we let K = {w | we K}. Clearly, each X, is star-free. Therefore, using 
Propositions 6.2 and 8.1, for each 1 <i < n we find wi and y; € LTLy[XU] 
such that La, (vi) = X, and La, (Yi) = Li. Replacing all operators XU by YS 
we can transform wi € LTLy [XU] into a formula Y; € LTLy[YS] such that 
Oz 0) = P if and only if (wa, |w|) H y for all wa € E+. In particular, 
; = {w € d* | wa;, |w] = Yi}. 

“Tt remains to show that (x) = ¢(x) where Ç = Vyeje, Yi Nai A yi. Let 
w € X° \ {e} and p be a position in w. pA 

Assume first that (w, p) H E(x) and write w = uav with |u| = p. We 
have u € Ki, a = a; and v € L; for some 1 < i < n. We deduce that 
uai, |u| H| Yi and aiv, 0 H y;. Since Y; is pure past and y; is pure future, 
we deduce that ua;v, |u| = Yi A a; A pi. Hence we get w, p H ¢. 

Conversely, assume that w, p = Yi A a; A y; for some i. As above, we 
write w = uav with |u| = p. Since 2; is pure past and y; is pure future, we 
deduce that ua;, |u| H| Yi and a;v,0 = yi. Therefore, u € K; and v € Li. 
We deduce that (w, p) H E(x). Q.E.D. 
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10 Variations 


This section provides an alternative way to establish the bridge from first- 
order to star freeness and an alternative proof for Theorem 9.2. 

There is a powerful tool to reason about first-oder definable languages 
which we did not discuss: Ehrenfeucht-Fraissé-games. These games lead to 
an immediate proof of a congruence lemma, which is given in Lemma 10.2 
below. On the other hand, in our context, it would be the only place where 
we could use the power of Ehrenfeucht-Fraissé-games, therefore we skip this 
notion and we use Lemma 10.1 instead. 

Before we continue we introduce a few more notations. The quantifier 
depth qd(y) of a formula ¢ is defined inductively. For the atomic formulae 
L, P, and x < y it is zero, the use of the logical connectives does not 
increase it, it is the maximum over the operands, but adding a quantifier 
in front increases the quantifier depth by one. For example, the following 
formula in one free variable y has quantifier depth two: 


Va (Ay P(x) A 7P(y)) v (Gz Plz) A (x < z) V (z < y)) 


By FOm,~ we mean the set of all formulae of quantifier depth at most 
m and where the free variables are in the set {21,...,2,}, and FO, is a 
short-hand of FOm,0; it is the set of sentences of quantifier-depth at most 
m. 

We say that formulae y, Y € FOm,x are equivalent if L(Y) = L(w) (for all 
£). Since the set of unary predicates is finite, there are, up to equivalence, 
only finitely many formulae in FO, as soon as k and m are fixed. This 
is true for m = 0, because over any finite set of formulae there are, up to 
equivalence, only finitely many Boolean combinations. For m > 0 we have, 
by induction, only finitely many formulae of type J£k+1ı y where y ranges 
over FOm-1,k+1. A formula in FOm, is a Boolean combination over such 
formulae, as argued for m = 0 there are only finitely many choices. 


10.1 The congruence lemma 

Recall that 2%) means the set of pairs (w,p), where w € H@ is a finite or 
infinite word and P = (pi,..., px) is a k-tuple of positions in pos(w). If we 
have (u,D) € Xip) and (v,@) € Xp), then we can define the concatenation 
in the natural way by shifting q: 


(u, D) ý (v, q) = (uv, p1,- -, Pk, |u| + q;- -Jul +q) € Ekte) 


For each k and m and (w,p) € Ek) we define classes as follows: 


[(wPlme= N  £). 


pEFOm,k|(w.P) Ee 
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For k = 0 we simply write [w]m,o. Since qd(y) = qd(-y) and L(-y) = 
Xe) \ L(y) we obtain 


[(w,P)]m,k = N L(y) 
PEFOm, «| (wp) =p 


= al L(y) \ U L(y). 


PEFOm,«|(w. DEY pEFOm,k|(w,D) Ep 


Note that (u', p’) € [(u, Ð)]m,x if and only if (u, p) E p ==> (w’,D’) H y for 
all y € FOm,x if and only if [(u’, P')]m,x = [(u, B)]m,x- 


Lemma 10.1. Let |(u,P)]m, = [(u’, P )]m,x with m > 1, D = (p1,..-, Pk), 
and P = (p'1,---,P'p)- Then for all positions pz41 € pos(u) there exists a 
position pp}; € pos(u’) such that 


[(u, (Pi; -< Deka) mae [OO ND aye yD Be) ena ee 


Proof. Choose some pz41 € pos(u). We are looking for a position pi... € 
pos(u’) such that for all y € FOm-1,x+1 we have (u, (pi,.--,Pe+i)) = Y if 
and only if (u’, (p's, oh P41) = w. 

Consider the following finite (up to equivalence) conjunction: 


Y= \ w. 


PEFOm-1,441|(U,(P1,-- Pk+1)) EY 


We have (u, (pi, eres ,Pk+1)) = P, qd(3zk+1 X) <m and (u, p) = Irk Y. 
Hence (u, p') H| Axvp41V; and therefore there is some pp}, € pos(u’) such 
that (urs Cae see Dra) = Ww. 

Finally, for each Y E€ FOm-1,441, either Y implies ~ or WV implies 
aw, because either (u,(pi,---,Pe+1)) E w or (u,(p1,.--,Prei)) E aw. 
Hence, if (u, (pi, hss ,Pk+1)) i Y, then (u’, (p's, seats Disa) Zz Y, too. If 
(u, (p1, .--,Pk+1)) E =Y, then (w’, (pis ais i put) = ~y, too. The result 
follows. Q.E.D. 


The next lemma is known as congruence lemma. 


Lemma 10.2. Let [(u, D)]m,k = [a P )]m,k and [(v, 7)]m,e = (v, PZ )m,es 
where u and u’ are finite words. Then we have 
[(u,B) - (v, Dimare = [(u', p) (0,7 )]m, e+e: 


Proof. We have to show that for all y € FOm, we have (u, p) - (v,%) = ẹ 
if and only if (u’,p’) - (v’, 7’) H p. Since we get Boolean combinations for 
free, we may assume that y is of the form dxrx41% or an atomic formula. 
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If p = P(a;) andi < k, then we have (u,p) - (v, q) H| P(«:) if and only 
if (u, p) = P(a;) and the result follows. The case i > k is symmetric. 

If p = x; < xj, assume first i < k. If, in addition, j > k, then (wu, 5) - 
(v, q) H| zi < zj is true, otherwise i,j < k and we see that (u, p): (v, q) H 
zi < zj if and only if (u, p) | xi < zj. The case i > k is similar. 

It remains to deal with y = Jzk+41Y. Assume (u, p) (v, q) H p. We have 
to show that (u’,p’) - (v',g) = y. Assume first that there is some position 
Pr+1 E€ pos(u) such that 


(u, (p1,---,Pet1)) + (v.07) E V. 
By Lemma 10.1 there is some position p}, € pos(u’) such that 
[(u, (P1; ---,Pk+1))]m-1,k+1 = [(W, (Pis oS) ga) ses 
We have qd(4) < m — 1, hence by induction on m we deduce 


(tts (p's, subs P'k41)) (wv, g) = p 


This in turn implies 


(u',D) 7! (v',7) [= Arpt. 


The case where (u, p) - (v,(qi,---,@e+1)) Fw for some position qe+1 in v is 
similar. Q.E.D. 


10.2 From FO to SF and separation via the congruence lemma 
It is convenient to define a dot-depth hierarchy. The Boolean combinations 
of &* are of dot-depth zero. In order to define the m-th level of the dot- 
depth hierarchy, m > 1, one forms the Boolean closure of the languages 
K-a-L, where a € X and K, L are of level at most m — 1. Note that there 
are only finitely many languages of level m. 


Proposition 10.3. Let m > 0 and y € FOm be a sentence with quantifier- 
depth at most m. Then we find a star-free language L of level at most m 
in the dot-depth hierarchy such that L(y) = L. 


Proof. We perform an induction on m. The case m = 0 is trivial since the 
only sentences are T and L. Hence let m > 0. By definition, 


[w]m—1,0 — N L(w). 


YPEFOm-ı|wH=Y 


By induction on m we may assume that [w]m-1,0 is star-free of dot-depth 
m — 1. Consider next a sentence y E€ FOm. We want to show that L(y) is 
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of dot-depth m. Languages of dot-depth m form a Boolean algebra, thus by 
structural induction it is enough to consider a sentence y = daw. Consider 
the following union: 


T= U [u]m-1,0 < a - [v]m-1,0- 


(uav, lul) =Y 


Since [u]m—1,0 and [v]m-1,0 are star-free sets of dot-depth m — 1, there are 
finitely many sets [u]m—1,0 -a - [u]m-1,0 in the union above. In fact, it is a 
star-free expression of dot-depth m. 

It remains to show that L(y) = T. Let w € L(y) = L(x). We find a 
position in w and a factorization w = uav such that (uav, |u|) H| 4%. Since 
u € [ulm—1,0 and v E [v]m-1,0, we have uav € T, hence L(y) CT. 

The converse follows by a twofold application of the congruence lemma 
(Lemma 10.2): Indeed, let u’ € [u]m-1,0 and v’ € [v]m-1,0 then 


u’) (a, 0)]m-1,1 
u) +» (a,0)]m-1,1 = [(ua, [u))]m-1,1 
u'a, (u'l) < (v°)]m-1,1 


a, lul) - (v)]m-1,1 = [(uav, |ul)]m—1,1- 


[(v'a, [u"|) maa = 


[(w'av", ju )]lm-1,1 = 


Therefore, (uav, |u|) | w implies (u’av’, |u’|) | w and this implies u'av’ = 
day. Thus, T C L(Y). Q.E.D. 


The congruence lemma yields an alternative way to show Proposition 9.1 
(and hence the separation theorem, Theorem 9.2) too. 


Proof of Proposition 9.1 based on Lemma 10.2. Let qd(€) = m for some 
m > 0. As in the proof of Proposition 10.3 define a language: 


T= U [U]m,o <a- [Ulm,o- 
(uav,|ul) RE 


The union is finite and the classes [ulm N 5* and [v]m,o are first-order 
definable. First-order definable languages are star-free by Proposition 10.3. 
Thus, we can rewrite T as desired: 


Moreover, the proof of Proposition 10.3 has actually shown that (wav, |u|) H 
€ if and only if u € K;, a = a; and v E L; for some 1 <i<n. 

For convenience, let us repeat the argument. If (uav, |u|) H £, then we 
find an index 7 such that u € K;, a = a;, and v € L;. For the converse, let 
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u' € Kj, a’ = aj, and v’ € L; for some i. We have to show (u’a’v, |u’|) H £. 
By definition of T, we have u’ € K; = [ulm o Nd", a’ =a, and v’ € Li = 
[v]m,o for some (uav, |u|) = £. The congruence lemma (Lemma 10.2) applied 
twice yields: 


[(a’v’, 0)]m,1 = [(a", 0) - (v)Jm.a = [(@, 0) - (&)]m2 = [(av, 0)]m,1: 


[(w'a’v", lu l)]m,1 = [(u’) - (av, 0) ma = [(u) + (av, 0)]m,1 = [(uav, [u])]m,1- 


We deduce (u’a’v, |u’|) H £. Q.E.D. 


11 Counter-free and aperiodic Biichi automata 


There is a standard way to introduce recognizable languages with finite 
automata. Since we deal with finite and infinite words we use Biichi au- 
tomata with two acceptance conditions, one for finite words and the other 
for infinite words. A Btichi automaton is given as a tuple 


A = (Q, x, 6,1, F, R), 
where Q is a finite set of states and 6 is a relation: 
6CQxuUxQ. 


The set 7 C Q is called the set of initial states, the sets F, R C Q consist of 
final and repeated states respectively. 

If ô is the graph of a partially defined function from Q x È to Q and if 
in addition |Z| < 1, then the automaton is called deterministic. 

A path means in this section a finite or infinite sequence 


T = Po, 40, P1, 41, P2,42,.-- 


such that (pi, ai, pi+1) € 6 for all i > 0. We say that the path is accepting, 
if it starts in an initial state pọ € J and either it is finite and ends in a 
final state from F or it is infinite and visits infinitely many repeated states 
from R. The label of the above path m is the word u = apajaz:-- € X”. 
The language accepted by A is denoted by £(A) and is defined as the set 
of words which appear as label of an accepting path. We have L(A) C X. 
Languages of the form L(A) are called regular or regular w-languages, if 
L(A) C E” 

McNaughton and Papert have introduced the classical notion of a coun- 
ter-free deterministic finite automaton, [19]. They showed that counter- 
freeness captures star-freeness (hence aperiodicity) for languages over finite 
words. Our aim is to give a natural notion of counter-freeness for non 
deterministic (Biichi) automata such that a language L C X” is aperiodic 
if and only if it can be accepted by a counter-free Büchi automaton. To 
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the best of our knowledge, all previous extensions to infinite words used 
deterministic automata. 

If p,q E€ Q are states of A, then we let Lp, be the set of labels of finite 
paths from p to q. 


Definition 11.1. A Biichi automaton A = (Q, £, ô, I, F, R) is called coun- 
ter-free, if u™ € Lp p implies u € Lp,» for all states p E€ Q, words u € &*, 
and m > 1. 


Note that the definition is taking only the underlying transition relation 
ô into account, but does not depend on the sets J, F, or R. For deterministic 
automata counter-freeness coincides with the standard notion as introduced 
in [19]. We start with the classical result of [19] on finite words. 


Lemma 11.2. Let L C &* be a language of finite words recognized by a 
morphism h from }* to some finite aperiodic monoid M. Then the minimal 
deterministic automaton recognizing L is counter-free. 


Proof. The states of the minimal deterministic automaton recognizing L 
can be written as 


L(u) =u L= {w € =* | wwe L} 


with u € D* and all transitions have the form (L(u),a, L(ua)). Assume that 
L(uv™) = L(u) for some m > 1. Then we can take m as large as we wish 
and since M is aperiodic we may assume that 2+! = z™ for all x € M. 
Since h recognizes L, we deduce that uv™w € L if and only if w™t!w € L 
for all w € E*, i.e., L(uv™) = L(uv™*). Using L(uv™) = L(u) we obtain, 


L(u) = L(uv™) = L(uv™tt) = L((uv™)v) = L(uv). 
Hence, the automaton is counter-free. Q.E.D. 


Lemma 11.3. Let L C X* and L’ C = be accepted by counter-free 
automata. Then L- L’ can be accepted by some counter-free automaton. 


Proof. Trivial, just consider a usual construction showing that regular lan- 
guages are closed under concatenation. Essentially, the new automaton is 
the disjoint union of the two automata with additional transitions allowing 
to switch from the first one to the second one. Therefore, a loop in the 
new automaton is either a loop in the first one or a loop in the second one. 
Thus, we have no new loops and hence the result. Q.E.D. 


Proposition 11.4. Let L C = be recognized by a morphism A : 4* — M 
to some finite aperiodic monoid M. Then we find a counter-free Biichi 
automaton A with L = L(A). 


First-order languages 287 


Proof. By Remark 5.3 we can write L as a finite union of languages of type 
UV“, where U and V are aperiodic languages of finite words and where 
moreover V = h~!(e) for some idempotent e € M. By a simple construction 
on monoids we may actually assume that h~1(1) = {e} and then in turn 
that e #4 1. Hence without restriction we have V C +. The union of 
two counter-free Büchi automata is counter-free and recognizes the union 
of the accepted languages. Therefore we content to construct a counter-free 
Biichi automaton for the language UV”. By Lemmata 11.2 and 11.3 it is 
enough to find a counter-free automaton for V”. The trick is that V” can 
be accepted by some deterministic Büchi automaton. Define the witness W 
by 
W=V-(V\V™"*). 


The language W is aperiodic. By Lemma 11.2, its minimal automaton A = 
(Q, 4, 6,1, F,@) is counter-free. View this automaton as a deterministic 
Biichi automaton A’ = (Q, £, ô, I, Ø, F) where final states are now repeated 
states. (It is also counter-free according to Definition 11.1, because it is 
deterministic. ) 

The automaton A’ accepts those infinite strings where infinitely many 
prefixes are in W. We want to show that this coincides with V“. Clearly, 
w € V“ implies that w has infinitely many prefixes in W. We show that the 
converse holds, too. Let w € X” and w; be a list of infinitely many prefixes 
in W. For each w; choose some factorization w; = ujv; with u; € V and 
vi € V \ VE+t. Note there might be several such factorizations. However, 
if w; A wj, then we cannot have u; = uj, because otherwise v; is a strict 
prefix of v; or vice versa. Thus, we find infinitely many u; and by switching 
to some infinite subsequence we may assume 


Uy <UzVy < U2 < UQV2 < UZ < U3ZV3 


where < means the prefix relation. For all į we can write u;41 = u;viv;. We 
have 


w = ui (vivi (vzv) (vav) =- € VY. 
Therefore, V” is accepted by the counter-free Büchi automaton A’. Q.F.D. 


To prove that conversely, a language accepted by a counter-free Büchi 
automaton is aperiodic, we shall use a weaker notion. The following defini- 
tion coincides with the one given in [16, Definition 3.1] for non-deterministic 
finite automata in the context of finite transducers. 
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FIGURE 1. The non-deterministic Biichi automaton A, 


Definition 11.5. A Biichi automaton A = (Q, £, ô, I, F, R) is called aperi- 
odic, if for some m > 1 we have: 


u” eLp 4 wee hee 
for all states p,q € Q and words u € X*. 
Lemma 11.6. Let A be a Büchi automaton. 
1. If A is counter-free, then A is aperiodic. 
2. If A is deterministic and aperiodic, then A is counter-free. 


Proof. 1. Let u™*! € Ly q. If mis large enough, we find m+1 = kı +l+ ko 
with £ > 2 and a state s such that u® € Lys, uf € Ls s, and u"? € Le. 
Since the automaton is counter-free, we obtain u € Ls s and therefore u™ € 
Ly,q. Similarly, we can show that u” € Lp, implies u™t! € Lp. 

2. Let u” € Ly» for some m > 1. Then u™” € Lpp for m as large 
as we wish. Since the automaton is aperiodic we have u™,u’t! € Ly» for 
some m large enough. Since the automaton is deterministic, we deduce that 
u € Ly», too. Q.E.D. 


Remark 11.7. Consider the non-deterministic Biichi automaton A, of Fig- 
ure 1 which accepts {a”}. The automaton A; is aperiodic, but not coun- 
ter-free. 


The transformation monoid T(A) of A is realized as a submonoid of 
Boolean matrices. More precisely, let A have n states. We consider the 
monoid B”*” of n x n matrices over the finite commutative semiring B = 
{0,1} with max as addition and the natural multiplication as product. For 
every word u we define a matrix t(u) € B"*” by: 


t(u)[p,q]= 1 <= we Lpa 


nxn 


The mapping t : 4* > is a monoid morphism, because t(¢) is the 
identity matrix and we have for all u,v € X*: 


t(u- v)[p a] = XC t(u)[p,r] - t(v)[r, a]. 


rEQ 


The transition monoid of A is T(A) = t(X*) C B”*”. 
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FIGURE 2. The deterministic and counter-free Biichi automaton Ag 


Remark 11.8. In terms of the transition monoid, Definition 11.5 says that 
a Biichi automaton A is aperiodic if and only if the monoid T(A) is aperi- 
odic. 


The problem is that the morphism t to the transition monoid of A does 
not recognize L(A), in general. Indeed consider the deterministic automaton 
A2 on Figure 2 where the only repeated state is 2. The automaton accepts 
the language 


L = {w € {aab, bba}” | the factor aa appears infinitely often} . 


Consider the matrix t(aab) for which all entries are 0 except t(aab)[1, 1] = 1. 
We have t(aab) = t(bba), but (aab)” € L and (bba)” ¢ L. Thus t does not 
recognize L. 

It is therefore somewhat surprising that aperiodicity of T(A) implies 
that £(A) is an aperiodic language. This is proved in Proposition 11.11, 
below. 

We still need another concept. In Biichi’s original proof that regular 
w-languages are closed under complementation (see [3]) he used a finer con- 
gruence than given by the morphism t. To reflect this, we switch from the 
Boolean semiring B to the finite commutative semiring K = {0,1,co}. The 
semiring structure of K is given by z + y = max{z,y} and the natural 
multiplication with the convention 0 - œ = 0. 

In order to take repeated states into account we let Rp, C Lp,q be the 
set of labels of nonempty and finite paths from p to q, which use a repeated 
state at least once. For every word u we define a matrix h(u) € K”*” by: 


0 ifug Log, 
h(u)lp,q]=4 1 ifu € Lp, \ Rog, 
co ifu € Rpg. 


For the Büchi automaton Ag in Figure 2 we have h(aab)[1, 1] = oo, whereas 
h(bba)[1, 1] = 1. For all other entries we have h(aab)[p, q] = h(bba)|[p, q] = 0. 
Note that h(e) is the identity matrix. In the semiring K”*” we have as 
usual: 
h(w-v)[p,q] = >> h(u)lp,r] - h(v)[r, q]. 


rEQ 
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Hence, h : &* — K”*"” is a monoid morphism and we can check easily 
that h recognizes L(A). The submonoid BT (A) = h(*) C K”*” is called 
either Biichi’s transition monoid of A or the w-transition monoid of A. We 
obtain Biichi’s result [3]: 


Proposition 11.9. For every Biichi automaton A the morphism h : &* — 
BT(A) onto the w-transition monoid of A recognizes L(A). 


Corollary 11.10. A language in L C N° can be accepted by some Biichi 
automaton if and only if it can be recognized by some morphism to some 
finite monoid. 


Proof. Proposition 11.9 gives one direction. Conversely, assume that L is 
recognized by a morphism h from &* to some finite monoid M. By Re- 
mark 5.3, L is a finite union of languages of type UV”, where U,V C X* 
are recognized by h. These sets are accepted by finite deterministic au- 
tomata with M as set of states. Standard constructions on Büchi automata 
for union, concatenation, and w-power yield the result. Q.E.D. 


It also follows that regular w-languages are closed under complemen- 
tation, since recognizable languages are closed under complementation by 
definition (as they are unions of equivalence classes). 


Proposition 11.11. Let L C X% a language. The following are equivalent. 
1. There is a counter-free Büchi automaton A with L = L(A). 

2. There is an aperiodic Büchi automaton A with L = L(A). 

3. The language L is aperiodic. 


Proof. 1 = 2: Trivial by Lemma 11.6.1. 

2 = 3: Let A have n states and consider Biichi’s morphism h : &* — 
K”*” as above. We show that the submonoid BT(A) = h(X*) C K"*” 
is aperiodic. More precisely, we show for all states p,q and words u that 
h(u?™)[p, q] = h(u?™**)[p, q] as soon as m large enough. 

Since the automaton is aperiodic we find a suitable m with u™ € Ly if 
and only if u™*! € Ly, for all states p,q and words u. We immediately get 


A(u?") [p,q] >1 <=> A(w?"*)[p,q] > 1. 


Assume now that h(u?")[p, q] = co. Then for some r we have h(u?™)[p, q] = 


h(u™)|p,r] - h(u™)[r,q] and by symmetry we may assume h(u™)[r,q] = 
co and h(u™)[p,r] # 0. This implies h(u™t?)[p,r] Æ 0 and therefore 
h(u?™t [p,q] = h(u™* D ,r] - h(u™)[r,q] = œ. Similarly, we can show 


that h(u?™*+)[p, q] = œ implies h(u?™)[p, q] = 
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FIGURE 3. Aperiodicity does not imply counter-freeness for minimal size 
NFA. 


Thus we have seen that h(u?™™)[p, q] = h(u?""*')[p, q] for all u € £* and 
all states p,q. This shows that L is recognized by some aperiodic monoid 
(of size at most 3”°). 

3 => 1: This is the contents of Proposition 11.4. Q.E.D. 


The automaton A, above is counter-free, and this notion does not de- 
pend on final or repeated states. In particular, the languages {aab, bba}” 
and {aab, bba}* are further examples of aperiodic languages. 

We conclude this section with several remarks concerning counter-free- 
ness for Biichi automata. 


Remark 11.12. If L C X% is aperiodic, then we actually find some Büchi 
automaton A with L = L(A), where for all states p € Q, words u € &*, and 
m > 1 the following two conditions hold: 


1. If u™ € Lpp, then u € Lp p. 
2. If u™ € Rpp, then u € Rpp- 


This is true, because all crucial constructions in the proof of Proposition 11.4 
were done for deterministic automata. If an automaton is deterministic, 
then Condition 1 implies Condition 2, because if u™ € Rp „p and u € Lp», 
then the path labeled by u™ from p to p visits the same states as the 
path labeled by u from p to p. For non-deterministic automata the second 
condition is a further restriction of counter-free automata. 


Remark 11.13. For finite words, counter-freeness of the minimal automa- 
ton of a language L C X* characterizes aperiodicity of L. There is no 
canonical minimal Büchi automaton for languages of infinite words, but we 
may ask whether counter-freeness of a non-deterministic automaton of min- 
imal size also characterizes aperiodicity. The answer is negative. Indeed, 
consider the language L = {e, a?} Ua‘ta* which is aperiodic and accepted 
by the 3-state automaton in Figure 3. This automaton is not counter-free 
since a? € Lı ı but a ¢ Lı ı. We can check that L cannot be accepted by a 
2-state automaton. 


Remark 11.14. Let A = (Q,%,6,I) be a non-deterministic automaton 
and let B = (2°, £, ôg, {I}) be its (deterministic) subset automaton. Note 
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FIGURE 4. The Biichi automaton A accepting ©t {a?, b}¥. 


that, in this definition, we do not restrict to the accessible subsets from 
I. First, we prove that if A is counter-free, then so is Bb. Assume that 
6(X,u™) = X for some X C Q, u€ Ut and m > 0. Then, for each p € X 
we find some p’ € X with p € d(p’,u™). Iterating these backward paths, we 
find q € X such that 
ym ukm 
q —> q —> P 

Since A is counter-free, it follows q > q. Hence, p € 6(X,u!th™) = 6(X,u). 
We have proved X C ô(X,u). It follows by induction that ô(X,u) C 
(X, u™) = X. Therefore, B is counter-free. 

Next, we show that if B is counter-free then A is aperiodic. Let x € T(A) 
be in the transition monoid of A: x = t(u) for some u € X*. We have 
a™ = g™t for some m,k > 0. Let X = x™(Q) = 6(Q,u™). Since 
a” = g™tk we have 6(X,u*) = X and we deduce 6(X,u) = X since B 
is counter-free. Therefore, x™ = x™*t! and we have shown that T(A) is 
aperiodic. 

Therefore, counter-freeness of the full subset automaton is another suf- 
ficient condition for aperiodicity. But, for this to hold over infinite words, 
it is important not to restrict to the subsets accessible from J. Indeed, let 
£ = {a,b} with a Æ b and consider the language: 


L= sia bl: 


The non-deterministic 3-state Biichi automaton A in Figure 4 accepts L 
with J = {1}, F = Ø and R = {2} (an easy exercise shows that there 
is no deterministic Biichi automaton accepting L). The subset automaton 
restricted to the subsets reachable from {1} is depicted in Figure 5. This 
automaton is counter-free, but L is not aperiodic. 


12 Deciding aperiodicity in polynomial space 

This section is devoted to a construction which shows that aperiodicity is 

decidable (in polynomial space) for recognizable languages. Thus, all prop- 

erties mentioned in Theorem 1.1 are decidable for a regular oo-languages. 
Our aim is an optimal algorithm in a complexity theoretical meaning, 

and the best we can do is to find a polynomial space bounded algorithm. 


First-order languages 293 


FIGURE 5. The subset automaton B of A restricted to reachable states. 


This is indeed optimal, because PSPACE-hardness is known by [4]. It should 
be noted that our PSPACE-upper bound is not a formal consequence of 
[29] or any other reference we are aware of, because [29] deals only with 
deterministic automata over finite words. Moreover, our approach is not 
based on the syntactic congruence of Arnold [1]. Instead we start with 
any recognizing morphism and we consider its maximal aperiodic quotient. 
We check whether this monoid still recognizes the same language. This is 
possible in polynomial space, as we shall demonstrate below. We need an 
algebraic construction first. 


Proposition 12.1. Let hı : 4* — Mı be a surjective morphism onto a 
finite monoid Mı which recognizes L and let m > |M,|. Let Mi be the 
quotient of the monoid M, by the congruence generated by {2™ = 2™t! | 
x € Mı} and let h| : &* — M;i be the canonical morphism induced by hı. 
Then L is aperiodic if and only if hį recognizes L. 


Proof. First, If h} recognizes L, then L is aperiodic since Mj is aperiodic 
by construction. 

Conversely, if L is aperiodic, then there is some surjective morphism 
hə : &* — Mə which recognizes L and where Mg is aperiodic. We first show 
that L is also recognized by a quotient monoid M of both Mı and Mə. This 
means that M is a homomorphic image of Mı as well as of Mo. 


We define the relation H C &* x X* by: 
H = {(u,v) | hi(u) = hi (v) V hou) = h2(v)} . 


The transitive closure H* of H is an equivalence relation, and easily seen to 
be a congruence. Thus, we can define the quotient monoid M of &* by H+. 
We have a canonical morphism h : ©* — M and |M| < min{|Mj|, |Məļ}. 
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Since h;(u) = hi(v) implies h(u) = h(v) for all u,v € &*, the ea h 
factorizes through Mı and Mə as shown in the diagram above h = hio hi 
for i = 1,2. 

We show that h recognizes L, too. First, we note that H+ = H* where 
£ = min{|M;|,|M2|}. Indeed, if uo H u1--- H ux, with k > |Mj| then we 
find 0 <i <j < k with hi(u;) = hi(u;) and we obtain (uo, up) € H*- 9-9, 
Now, consider some u = [[pcje, ui and v = [[ocjen Vi With ui, vi E UT 
such that (u;,v;) € H for all 0 <i<n. Since H+ = H” it is enough to see 
that u € L implies v € L. Now, for all 0 <i < n there is w; € {u;, vi} with 
hi(u;) = hi(w;) and ho(w;) = he(v;). Since hı recognizes L, we have u € L 
implies [[o<,<, wi E€ L, and this implies v € L since hz recognizes L. 

The monoid M as constructed above is aperiodic, because it is a quotient 
monoid of M2. But |M| < |Mi| < m, hence 2” = x™*! for all z € M. By 
definition, Mj is the quotient of the monoid Mı by the congruence generated 
by {2 = 2! | x € Mı}. Since M satisfies all equations x™ = x™t!, the 
morphism hı : Mı — M factorizes through M!: hı = hi o g where g is the 
canonical morphism from Mı to Mj. 


hi 
By definition, h} = go hı and we deduce that h = hi,o hi. Hence, h) (u) = 


hi(v) implies h(u) = h(v) for all u,v € X*. Since h recognizes L, this 
implies that h4, recognizes L, too. Q.E.D. 


From Proposition 12.1, we can derive easily a pure decidability result. 
Indeed, if we start with a language L recognized by a Büchi automaton A 
with n states, we know that L is aperiodic if and only if it is recognized 
by some aperiodic monoid with at most 3” elements. Hence, we can guess 
a recognizing morphism h from b* to an aperiodic monoid M of size at 
most 3” , guess a set P of linked pans; compute a Büchi automaton A’ 
recognizing L’ = Uis ejer h 1(s)h—-+(e)” using Corollary 11.10, and finally 
check whether L = L’ starting from A, A’ and using complementations, 
intersections and an emptiness tests. 

The complexity of this algorithm is not optimal. In order to derive a 
PSPACE algorithm, we first establish the following characterization. 


Proposition 12.2. Let h: 4* — M be a surjective morphism that recog- 
nizes L C N°. Let g: M — M’ be a surjective morphism. Then, h’ = goh 
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recognizes L if and only if for all s,e,s’,e’ € M such that g(s) = g(s") and 
g(e) = g(e’) we have 


h(S) (ASCL = KHAL 


Intuitively, this means that the set of linked pairs associated with L is 
saturated by g. 


Proof. Assume first that h’ recognizes L. Let s,e,s’,e’ E€ M with g(s) = 
g(s’) and g(e) = g(e’) and assume that h~1(s)h~1(e)” C L. Since h is sur- 
jective, we find u,v, u’, v’ € X* such that h(u) = s, h(v) = e, h(u’) = s and 
h(v') = e’. From the hypothesis, we get h’(u) = h’(u’) and R'(v) = h'(v’). 
Now, uv” € h™t(s)h™t(e)® C L. Since h’ recognizes L we deduce uv” € 
h-*(s')h7*(e')” A L. Since h recognizes L we obtain h~*(s’)h7+(e’)® C L. 

Conversely, let u = upuju2::: € L and v = vovivo +- with uj, v; € UT 
and h’(u;) = h' (vi) for all i > 0. We have to show that v € L. Grouping 
factors u; and v; using Lemma 5.2, we find new factorizations u = ugu us- 
and v = vgvįvá: +- which satisfy in addition h(u;) = e and h(v;) = e’ for 
alli > 0. Let s = h(ug) and s’ = h(vg). We have g(s) = h’(up) = 
h' (vh) = g(s") and similarly g(e) = g(e’). Now, u € h™H(s)h™1(e)® N L £ Ø 
and since h recognizes L we get h~'(s)h~t(e)” C L. We deduce that 
veh (sh Ve')’ CL. Q.E.D. 


Proposition 12.3. We can decide in PSPACE whether the accepted lan- 
guage L C X” of a given Büchi automaton A is aperiodic. 


Proof. Let h : £* — K”*” be Büchi’s morphism and let M = BT(A) = 
h(=*) so that h : £* — M is surjective and recognizes L = L(A). Let g be 
the canonical morphism from M to the quotient M’ of M by the congruence 
generated by {a = 2+! | z € M} with m=3" > |M]. 

It is enough to design a non-deterministic polynomial space algorithm 
which finds out that L is not aperiodic. By Propositions 12.1 and 12.2, we 
have to check whether there exist four elements s,e,s’,e’ € M such that 
a(s) = 9(s"), gle) = gle’), A*(s)h-1(e)” C L and h-'(s"yh-Y(el)® g L. 
By definition of M’, this is equivalent to the existence of u, v, w, x,y,z E€ M 
and €1,€2,€3,€4 € {0,1} with h-1(s)h-(e)* C L and h7\(s')h-N(e')* Z L 
where s = wv™ tiw, e = ryt z, s! = uv™*3w and e = ryt z, 

We have h~1!(s)h~1(e)” C L if and only if there are p € I, q E€ Q 
such that (se®)[p,q] > 1 and ef|q,q] = co for some k, < n. Indeed, if 
the right hand side holds then we find an accepting run in A for some 
word u € h~+(s)h~*(e)*. Hence, we have h~!(s)h-t(e)” NL # Ø and 
since h recognizes L we deduce that h~'(s)h~+(e)” C L. Conversely, let 
u = Upuiu2... E L with h(uo) = s and h(u;) = e for i > 0. Consider an 
accepting run for u: 

p= qg Sq ge: 
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Since this run is accepting, we find k such that a repeated state is visited 

in the path qk pile qdk+1 and qk = qk+e for some £ > 0. Removing loops 

we may assume that k < n and £ < n. We get the result with q = qx. 
Therefore, we have the following algorithm. 


1. Guess six matrices u, v, w, x,y,z E M and guess four values £1, €2, €3, 
E4 in {0, 1} (with, if one wishes, €1 + €2 + E3 +€4 = 1). 


2. Compute s = uv™t1w, e = xyz, 3 = uv™t3w and e? = 
gyter, 


3. Check that h~!(s)h~1(e)” C L and h71}(s')h-l(e')* Z L. 


Computing x™ with z € M can be done with O(log m) = O(n?) prod- 
ucts of n x n matrices. Hence, steps 2 and 3 can be done in deterministic 
polynomial time, once the matrices u,v,w,xz,y,z € M are known. It re- 
mains to explain how to guess in PSPACE an element « € M = h(=*). As 
a matter of fact, it is here? where we need the full computational power 
of PSPACE. To do this, we guess a sequence a1, a2,...a; E © letter after 
letters and simultaneously we compute the sequence 


h(a1), h(aia2), Sne h(aia2 . -ai). 


We remember only the last element h(a1a2---a;) before we guess the next 


letter aj+ı and compute the next matrix. We stop with some 7 < 3”” and 
we let x = h(a,a2---a;) be the last computed matrix. Q.E.D. 


In some cases it is extremely easy to see that a language is not aperiodic. 
For example, (aa)* is recognized by the cyclic group Z/2Z of two elements. 
Every aperiodic quotient of a group is trivial. But the trivial monoid cannot 
recognize (aa)*. 


13 Very weak alternating automata 


For a finite set Q we mean by B*(Q) the non-empty positive Boolean com- 
binations of elements of Q, e.g., pA (q Vr). We write P H €, if a subset 
P C Q satisfies a formula £ € B*(Q). By definition, P = p if and only 
if p€ P. As a consequence, we have for instance {p,r} = pA (q V r) and 
{p, r,s} E p^ (qvr), but {q,r} Æ pA (qvr). Note that Ø  € since we use 
non-empty positive Boolean combinations, only. The satisfiability relation 
is monotone. This means, if P C P’ and P |= €, then P’ = €, too. 
An alternating automaton is a tuple A = (Q, £, ô, I, F, R) where 


2 For the interested reader, the test x € h(5*) is PSPACE-hard, in general [10, Problem 
MS5]. This problem is closely related to the intersection problem of regular languages, 
where the PSPACE-hardness is due to Kozen [14]. 
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e Q is a finite set of states, 


e > is a finite alphabet, 


e I € Bt(Q) is the (alternating) initial condition, 


e ô: Qx E — Bt(Q) is the (alternating) transition function (for in- 
stance, 6(p,a) = (pA (q V r)) V (q A 8) is a possible transition), 


e F CQ is the subset of final states, 
e and R C Q is the subset of repeated states. 


A run of A over some word w = aga,a2:-: E€ EX” is a Q-labeled forest 
(V, E,p) with E CV x V and p: V > Q such that 


e the set of roots {z | E~1(z) = Ø} satisfy the initial condition: 


p({z| E7! (2) =O} KI, 


e each node satisfies the transition relation: for all x € V of depth n, i.e., 
such that x € E"(z) where z € V is the root ancestor of x, we have 
n < |w| and if n < |w| then z is not a leaf and p(E(x)) | 6(p(2), an). 


If the word w is finite then the run is accepting, if each leaf x satisfies 
p(x) € F. If the word w is infinite then the run is accepting, if every 
infinite branch visits R infinitely often. Since we use nonempty boolean 
combinations of states for the transition function, if w is finite then each 
leaf must be of depth |w] and if w is infinite then each maximal branch must 
be infinite. We denote by L(A) the set of words w € X° for which there is 
some accepting run of A. 


An alternating automaton A is called very weak, if there is a partial order 
relation < on Q such that the transition function is non-increasing, i.e., for 
each p,q E€ Q and a € È, if q occurs in d(p,a) then q < p. Clearly, we can 
transform the partial ordering into a linear ordering without changing the 
condition of being very weak. The next proposition shows that every first- 
order definable language can be accepted by some very weak automaton. 
The converse is shown in Proposition 13.3. 


Proposition 13.1. For any formula € € LTLy(XU), we can construct a 
very weak alternating automaton A over © such that L(A) = L(€). 


3 In [17] a very weak automaton is therefore called a linear alternating automaton. 
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FIGURE 6. A run on the left and on the right the new tree with fresh leaves. 


FIGURE 7. The new run with leaves on level m + 1. 
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A B C D E F G H I 


FIGURE 8. Another run with leaves on level m + 1. 


FIGURE 9. The new run with fewer labels at the leaves on level m. 


300 V. Diekert, P. Gastin 


Proof. First, we push the negations down to the constants. For this we need 
a dual for each operator. Clearly, V and A are dual to each other. The dual 
of next-until is next-release which is defined by 


p XR b = (ay XU =). 


Hence, the semantics of next-release is given by 


(pyXRp)(a) =Vz: x< z —> ylz) VJy: c<y<zAvly). 


Note that this is always true at the last position of a finite word: for all 
v € Dt, we have v, |v] — 1 = ọ XR y for all formulae y and 7. One may 
also notice that 


p XR =XGY V (4% XU (p A4). 


All LTLs(XU) formulae can be rewritten in positive normal form fol- 
lowing the syntax 


gu=Ll|Tlal-alepvye|pAg|exXUy|yxXRy. 


Transforming a formula into positive normal form does not increase its size, 
and the number of temporal operators remains unchanged. 

So, let € be an LTL formula in positive normal form. We define the 
alternating automaton A = (Q, £, ô, I, F, R) as follows: 


e The set Q of states consists of L, T, END and the sub-formulae of & 
of the form a, ~a, py XU w or y XR y. Here, END means that we have 
reached the end of a finite word. Note that each sub-formula of € is 


in Bt(Q). 


e The initial condition is I = € itself. 


e The transition function is defined by 


Foe i ifb=a 


1 otherwise 


RSet) = if ifb=a 


otherwise 


6(T,a) = 
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e The set of final states is F = {T, END}. 


e The repeated states are the next-release sub-formulae of € together 
with T. 


Using the sub-formula partial ordering, we see that the alternating automa- 
ton A is very weak. We can also easily check that L(A) = £(€). Note that 
in a run over an infinite word, each infinite branch is ultimately labeled T 
or L or with a XU or XR formula. A state ọ XU y is rejecting since if a 
branch is ultimately labeled with this state, this means that the eventual- 
ity w was not checked. On the other hand, y XR w is accepting since if a 
branch is ultimately labeled with this state then w is ultimately true for 
this word. Q.E.D. 


As we see below, it is easy to transform a very weak alternating automa- 
ton into a Biichi automaton. We follow the construction of [11]. However, 
for this purpose it is convenient to generalize the acceptance conditions. A 
generalized Büchi automaton is a tuple 


A= (O20; I, Flic Tr) 
where Q is a finite set of states, © is a finite alphabet, 
6CQxuxQ 


is the non deterministic transition relation, J C Q is the subset of initial 
states, F C Q is the subset of final states, and 7T),...,7; C 6 defines the 
accepting conditions. An infinite run qo, @1, 41, G2, q2,°:- is accepted by 
A if for each 1 < i < r, some transition in T; occurs infinitely often in 
the run. Hence, the acceptance condition is generalized in two respects. 
First, it uses accepting transitions instead of accepting states. Second it 
allows a conjunction of Biichi’s conditions. Obviously, each generalized 
Buchi automaton can be transformed into an equivalent classical Büchi 
automaton. 

From a very weak alternating automaton, we construct an equivalent 
generalized Biichi automaton as follows. Let A = (Q, £, ô, I, F, R) be a very 
weak alternating automaton. We define A’ = (Q', £, 6’, I', F’, (Ts) ser) by 


e Q! = 22, 
ol ={PCQ|PE]j, 


e (P,a, P’) € 6” if and only if P' E Apep 4(p, a), 


e F' = 2F is the set of final states, 
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e for each p ¢ R we have an accepting condition 


Tp = {(P,a, P’) | p ¢ P or P’\ {p}  d(p, a)}. 


Proposition 13.2. The automata A and A’ accept the same language. 


The proof that A and A’ accept the same language is a little bit technical, 
but not very hard. Details are left to the reader or can be found in [22]. 
We now state and prove the converse of Proposition 13.1. 


Proposition 13.3. Let L C X% be accepted by some very weak alternating 
automaton. Then L is aperiodic. 


Proof. Let A = (Q, £, ô, I, F, R) be a very weak alternating automaton. For 
a word u and subsets P and P’ of Q we write 


PSP, 


if A has a run (V, E, p) over u, where P is the set of labels of the roots 
and P’ is the set of labels of the leaves on level |u|. This means that in the 
corresponding generalized Biichi automaton A’ there is path from state P 
to state P’, which is labeled by the word u. 


Let m = |Q|, we want to show that P +5 P if and only if P ea 
for all words u and subsets P and P’. This implies that the transformation 
monoid of A’ is aperiodic. Then, we conclude that languages accepted by 
very weak alternating automata are always aperiodic in a similar way as in 
the proof of Proposition 11.11, (because the generalized accepting condition 
can be easily incorporated in that proof). 


First, assume that P . P’ and let us see that P = P’, too. This is 
true if u is the empty word. Hence we may assume that |u| > 1. Let (V, E, p) 
be the forest which corresponds to this run. We assume that P = {p} and 
that (V, Æ, p) is tree. This is not essential, but it simplifies the picture a 
little bit. To simplify the picture further, we assume that u = a is in fact a 
letter. Formally, we replace EF by E lul and we restrict the new forest to the 
tree which has the same root as (V, E, p). Note that the set of leaves which 
were on level |u| before are now exactly the leaves on level |m|. Hence the 
assumption u = a is justified. 

Since m = |Q| we find on each branch from the root to leaves a first 
node which has the same label as its parent node. This happens because 
the automaton is very weak and therefore the ordering on the way down 
never increases. We cut the tree at these nodes and these nodes are called 
fresh leaves. See Figure 6, where the fresh leaves have labels q, q, p, and r 
from left-to-right. 
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Now, at each fresh leaf we glue the original sub tree of its parent node. 
We obtain a new tree of height m + 1 which has as the set of labels at level 
m + 1 exactly the same labels as before the labels at level m in the original 
tree. (See Figure 7.) It is clear that the new tree is a run over u’*t! and 


m+1 
thus, P = > P as desired. 


For the other direction, assume that P “sy P’ and let (V, E, p) be a 
forest which corresponds to this run. Just as above we may assume that 
(V, E,p) is a tree and that u is a letter. This time we go down from the 
root to leaves and we cut at the first node, where the node has the same 
label as one of its children. See Figure 8. Now, we glue at these new leaves 
the original sub tree of one of its children which has the same label. 

We obtain a new tree of height m such that each label at the leaves on 
level m appeared before as a label on some leaf of the original tree (V, E, p) 
at level m + 1, see Figure 9. 


Thus, P 22 P" for some subset P” C P’. But the satisfiability relation 
is monotone; therefore P => P’, too. Thus, indeed P 5 P’ if and only if 
m+1 
P= P' for m= |Q]. Q.E.D. 
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Abstract 


The aim of this paper is to shed new light onto the relations be- 
tween the complement problem and the unambiguity in the family of 
recognizable picture languages. It is known that, contrary to the one- 
dimensional case, the family REC of recognizable picture languages 
is not closed under complementation and that the family UREC of 
unambiguous recognizable picture languages is a proper subfamily of 
REC. The interest to investigate the relations between these two facts 
was raised by Wolfgang Thomas. In this paper we present a novel 
general framework to study such a problem, by introducing some 
complexity functions on pictures languages. 


1 Introduction 


Picture (two-dimensional) languages were studied using different approaches 
and perspectives since the sixties as the natural counterpart in two dimen- 
sions of (one-dimensional) string languages. In 1991, a unifying point of 
view was presented in [6] where the family of tiling recognizable picture 
languages is defined (see also [7]). The definition of recognizable picture 
language takes as starting point a well known characterization of recogniz- 
able string languages in terms of local languages and projections. Namely, 
any recognizable string language can be obtained as projection of a local 
string language defined over a larger alphabet. Such notion can be extended 


* We heartily thank Oliver Matz for his careful readings and suggestions. 


Jörg Flum, Erich Gradel, Thomas Wilke (eds.). Logic and Automata: History and Perspec- 
tives. Texts in Logic and Games 2, Amsterdam University Press 2007, pp. 307-329. 
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in a natural way to the two-dimensional case: more precisely, local picture 
languages are defined by means of a set of square arrays of side-length two 
(called tiles) that represents the only allowed blocks of that size in the pic- 
tures of the language (with special treatment for border symbols). Then, 
we say that a two-dimensional language is tiling recognizable if it can be 
obtained as a projection of a local picture language. The family of all tiling 
recognizable two-dimensional languages is called REC. Remark that, when 
we consider strings as particular pictures (that is pictures in which one side 
has length one), this definition of recognizability coincides with the one for 
the strings, i.e. the definition given in terms of finite automata. Further the 
definition of class REC turns out to be robust because it inherits most of 
the important properties from the class of regular string languages (see also 
[8]). Moreover tiling recognizable picture languages have been considered 
and appreciated in the picture processing and pattern recognition fields (see 
[14]). Finally the approach to recognizability in terms of tiling systems is 
very close to that one proposed by Woflgang Thomas in the more general 
context of graphs (cf. [11, 17]). 

A crucial difference between the recognizability of string languages and 
the one of picture languages in REC arises directly from its definition. The 
definition of recognizability in terms of local languages and projections is 
implicitly non-deterministic (notice that in the one-dimensional case a tiling 
system corresponds in general to a non-deterministic automaton). This 
fact is strengthened by another result: the class REC is not closed under 
complementation. As a consequence, we infer that it is not possible to 
eliminate the non-determinism from this model without losing in power 
of recognition (as long as deterministic versions allow complementation). 
Problems on deterministic tiling systems are considered in [1]. If we denote 
by co-REC the family of languages whose complement is in REC, we have 
that REC is strictly included in REC U co-REC. 

In this scenario, related to the problem of defining a subset of REC 
closed under complement, unambiguity plays a central role as intermedi- 
ate notion between determinism and non-determinism. As determinism, 
unambiguity corresponds to the existence of a unique process of computa- 
tion, but while determinism is a “local” notion, unambiguity is a “global” 
one. Recall that, for regular string languages, the three notions of deter- 
minism, non-determinism and unambiguity coincide while in more general 
structures this is not true (see for instance [13]). Unambiguous recognizable 
two-dimensional languages have been introduced in [6], and their family re- 
ferred to as UREC. Informally, a picture language belongs to UREC when 
it admits an unambiguous tiling system, i.e. such that every picture has 
a unique counter-image in its corresponding local language. In [2] sev- 
eral problems on class UREC are studied and it is proved that UREC is 
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strictly included in REC. Very recently, in [12], unambiguous recognizable 
picture languages are considered in relation to picture series definable by 
some weighted logic. 

In this paper we present a novel general framework to study properties 
of recognizable picture languages and then use it to study the relations 
between classes REC U co-REC, REC and UREC. The strict inclusions 
among these classes have been proved in [4], [10], [2], respectively, using ad- 
hoc techniques. Here we propose again those results in a unified formalism 
and proof method with the major intent of establishing relations between the 
complement problem and unambiguity in the family of recognizable picture 
languages. Remark that the interest for such relations was also raised by 
Wolfgang Thomas in [13]. 

We introduce some complexity functions on picture languages and com- 
bine two main techniques. First, following the approach of O. Matz in [10], 
we consider, for each positive integer m, the set L(m) of pictures of a lan- 
guage L having one dimension (say the vertical one) of size m. Language 
L(m) can be viewed as a string language over the alphabet (of the columns) 
£1, The idea is then to measure the complexity of the picture language L 
by evaluating the grow rate, with respect to m, of some numerical parame- 
ters of L(m). In order to specify such numerical parameters we make use, 
as a second technique, of the Hankel matrix of a string language. The pa- 
rameters are indeed expressed in terms of some elementary matrix-theoretic 
notions of the Hankel matrices of the string languages L(m). In particular, 
we consider here three parameters: the number of different rows, the rank, 
and the maximal size of a permutation submatrix. 

We prove three main theorems that establish some bounds on corre- 
sponding complexity functions based on those three parameters, respec- 
tively. Then, as applications for those bounds we analyze the complexity 
functions of some examples of picture languages. Interestingly the lan- 
guages we propose have quite similar definitions based on a combination of 
the existence or non-existence of duplicate columns in the pictures either 
for a single column or for all the columns. By means of those languages we 
re-prove the strict inclusions of families REC U co-REC, REC and UREC. 

Moreover we show an example of a language in REC that does not belong 
to UREC and whose complement is not in REC. This language introduces 
further discussions on relations between unambiguity and non-closure under 
complement. 

The paper is organized as follows. We start, in Section 2, by introduc- 
ing some basic two-dimensional languages terminology and definitions and 
recalling the technique due to O. Matz to reduce a picture language to a 
family of string languages on the columns alphabets. Then in Section 3 we 
introduce our novel technique by defining complexity functions based on 
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Hankel matrices. In Section 4 we recall all definitions and properties of the 
family REC of tiling recognizable picture languages. Our main results are 
proved in Section 5 while in Section 6 we apply them to some picture lan- 
guages in order to establish some separation results. Finally, in Section 7 we 
discuss some further directions for the introduced techniques and propose 
some related questions. For sake of completeness, we report here most of 
proofs of the results we cite. 


2 Picture languages 


In this section we introduce some definitions about two-dimensional lan- 
guages and their operations. More notations and definitions can be found 
in [7]. 

Let © be a finite alphabet. A picture (or two-dimensional string) over X 
is a two-dimensional rectangular array of elements of ©. Given a picture p, 
let p(i, j) denote the symbol in p with coordinates (i, j), moreover the size 
of p is given by a pair (m,n) where m and n are the number of rows and 
columns of p, respectively. The set of all pictures over © of size (x,y) for 
all z,y > 1 is denoted by ©** and a picture (two-dimensional) language 
over X is a subset of X++, Remark that in this paper we do not consider 
the case of empty pictures (i.e. pictures where the number of rows and/or 
columns can be zero). The set of all pictures over X of fixed size (m,n), 
with m,n > 1 is denoted by X™”. We give a first example of a picture 
language. 


Example 2.1. Let L be the language of square pictures over an alphabet 
x, that is: 
L= {p |p has size (n,n), n > 0}. 


We now recall the classical concatenation operations between pictures 
and picture languages. Let p and q be two pictures over an alphabet X, 
of size (m,n) and (m’,n’) with m,n,m’,n’ > 0, respectively. The column 
concatenation of p and q (denoted by pO q) and the row concatenation of p 
and q (denoted by p© q) are partial operations, defined only if m = m’ and 
if n =n’, respectively and are given by: 


pOq= p q poq= 


As done in the string language theory, these definitions of picture concatena- 
tions can be extended to define two-dimensional language concatenations. If 
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Lı, Lz are picture languages over an alphabet X, the column concatenation 
of Lı and Lə is defined by 


Lı 0lg={x#Oy|xre Lı and y € Lo} 
Similarly, the row concatenation of Lı and Lə is defined by 
Lı © Lə = {xOy |x € Lı and y E€ Lə} 


Furthermore, by iterating the concatenation operations, we obtain the 
column and row closure or star. More precisely: the column closure of L 
(denoted by L*®) and the row closure of L (denoted by L*®) are defined 
respectively as 


PO =|]; L® and L*9 =; Pe 
where 110 = L, L"® = L®-DÐO Ọ L and LO = L, LPP = LODS oF. 


We conclude this section by describing a technique, introduced by 
O. Matz in [10], that associates to a given picture language L an infinite se- 
quence (L(m))m>1 of string languages. Let L C U+* be a picture language. 
For any m > 1, we consider the subset L(m) C L containing all pictures 
with exactly m rows. Such language L(m) can be viewed as a string lan- 
guage over the alphabet ="! of the columns, i.e. words in L(m) have a 
” fixed height m”. For example, if 


a b baa 

a a b ba 
E wa Ba i 

a a aa b 

then the word 

aļl|b bllallaltla 
alla||b6 b blia 
=Tollollalloll olla 
allalla|l|a|]a]]|ob 


belongs to the string language L(4) over the alphabet of columns 


mata 4 |") |aysted 
t 


Observe that studying the sequence (L(m))m>1 of string languages cor- 
responding to a picture languages L does not capture the whole structure 
of L because in some sense it takes into account only its horizontal dimen- 
sion. Nevertheless it will be very useful to state some conditions for the 
recognizability of the picture language L. 
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3 Hankel matrices and complexity functions 


In this section we introduce a novel tool to study picture languages based on 
combining two main techniques: the Matz’s technique described above (that 
associates to a given picture language L an infinite sequence (L(m))m>1 of 
string languages) and the technique that describes a string language by 
means of its Hankel matrix. As results there will be the definitions of some 
complexity functions for picture languages that will be used to state some 
necessary conditions on recognizable picture languages. 


Hankel matrices were firstly introduced in [16] in the context of formal 
power series (see also [3] and [15]). Moreover they are used under different 
name in communication complexity (see [9]). 


Definition 3.1. Let S C A* be a string language. The Hankel matrix of 
S is the infinite boolean matrix Hg = [hay|rca* year Where 


hoz 1 ifayeS 
wu) 0 ifay¢S. 


Therefore both the rows and the columns of Hs are indexed by the set 
of strings in A* and the 1s in the matrix gives the description of language 
S in the way described above. 

Given an Hankel matrix Hs, we call submatrix of Hs a matrix Kg 
specified by a pair of languages (U,V), with U,V C A*, that is obtained by 
intersecting all rows and all columns of Hs that are indexed by the strings 
in U and V, respectively. Moreover, given two Hankel submatrices K} and 
K2, their intersection is the submatrix specified by the intersections of the 
corresponding index sets respectively. 

Moreover we recall some further notations on matrices. A permutation 
matrix is a boolean matrix that has exactly one 1 in each row and in each 
column. Usually when dealing with permutation matrices, one makes a 
correspondence between a permutation matrix D = [d;;j] of size n with a 
permutation function o = IN — WN by assuming that di; = 1 & j = a(i). 

Finally we recall that the rank of a matrix is the size of the biggest 
submatrix with non-null determinant (with respect to field Z). Alterna- 
tively, the rank is defined as the maximum number of row or columns that 
are linearly independent. Then, observe that, by definition, the rank of a 
permutation matrix coincides with its size. 


Given a picture language L over the alphabet X, we can associate to 
L an infinite sequence (Hz(m))m>1 of matrices, where each Hz(m) is the 
Hankel matrix of string language L(m) associated to L. 

We can define the following functions from the set of natural numbers 
N to NU œ. 
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Definition 3.2. Let L be a picture language. 


i) The row complexity function Rz(m) gives the number of distinct rows 
of the matrix Hz (m); 


ii) The permutation complexity function Pr (m) gives the size of the max- 
imal permutation matrix that is a submatrix of Hz (m); 


iii) The rank complexity function Kr(m) gives the rank of the matrix 
Hy(m). 


Notice the all the functions Rz(m), Pr(m) and Kz(m) defined above 
are independent from the order of the rows (columns, resp.) of the Hankel 
matrix Hz(m). In the sequel we shall use any convenient order for the set 
of strings that index the rows and the columns. We can immediately state 
the following lemma. 


Lemma 3.3. Given a picture language L, for each m € N: 


Proof. The rank of a matrix is the size of the biggest submatrix whose 
rows are linearly independent and therefore the rank is greater than or 
equal to the size of any permutational submatrix (recall that the rank of a 
permutational matrix is equal to its size). 

Moreover if two rows are linearly independent they should be different 
and therefore Kz (m) < Rz(m). Q.E.D. 


Example 3.4. Consider the language L of squares over a two-letters al- 
phabet © = {a,b} described in Example 2.1. Observe that, for each m > 0, 
L(m) is the finite language of all possible strings of length m over the al- 
phabet of the columns ©”. Then consider the Hankel matrix of L(m): it 
has all its 1s in the positions indexed by pairs (x,y) of strings such that 
|x| + |y| = m. Now assume that the strings that index the rows and the 
columns of the Hankel matrix are ordered by length: we can have some non- 
zero positions only in the upper-right portion of H;(m) that are indexed 
by all possible strings of length < m on the alphabet 5"1!, included the 
empty word. More specifically, in this portion the matrix Hz (m) has all 0s 
with the exception of a chain of rectangles of all 1s from the top-right to 
the bottom left corner. This is represented in the following figure where the 
numbers 0,1,...,m — 1,m indicate the length of the index words. 
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0 1 m— 1 m 
C A) 
0 1 
1 1 
1 
m—1 
m || 1 


It is easy to verify that the number of different rows in Hz (m) is equal 
to m+ 1 and this is also the number of rows of a permutation submatrix 
and this is also the rank of Hz (m). 

Then for this language it holds that for all positive m: 


Pr(m) = Kz, (m) = Rr(m) = m+. 


Example 3.5. As generalization of the above Example 3.4, consider the 
language L of pictures over an alphabet © of size (n, f(n)) where f(n) is a 
non-negative function defined on the set of natural numbers, that is: 


L= {p| pis of size (n, f(n)}. 


Similar arguments as in the above example show that, for each m > 0, 
language L(m) is a finite language (it contains all strings of length f(m) over 
the alphabet of the columns ©") and then, for all positive m: P,(m) = 


Example 3.6. Consider the language L of pictures over an alphabet X of 
size (n, 2n) such that the two square halves are equal, that is: 


L={pOp|p is a square}. 
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Again, as in the Example 3.4, for each m > 0, language L(m) is a finite lan- 
guage (it contains all strings of length 2m over the alphabet of the columns 
£l of the form ww). Then, doing all the calculations, one obtains that, 
for all positive m, Pr(m), Kr(m) and Rz (m) are all of the same order of 
complexity O(o”’), where ø is the number of symbols in the alphabet ©. 


4 Recognizable picture languages 


In this section we recall definitions and basic properties of tiling recognizable 
two-dimensional languages firstly introduced in 1992 in [6]. We recall the 
definition of local and recognizable picture languages and the corresponding 
family LOC and REC. We state and discuss closure properties of REC under 
concatenations and Boolean operations. Furthermore, we give the definition 
of unambiguous recognizable picture languages and of class UREC. The 
notations used together with all the results and proofs mentioned here can 
be found in [7]. 

In order to describe scanning or recognizing strategies for pictures, it 
is needed to identify the symbols on the boundary. Then, for any picture 
p of size (m,n), we consider picture p of size (m + 2,n + 2) obtained by 
surrounding p with a special boundary symbol # ¢ Ui. We call tile a square 
picture of dimension (2,2) and given a picture p we denote by B2,2(p) the 
set of all blocks of p of size (2, 2). 

Let T be a finite alphabet. A two-dimensional language L C T+ is local 
if there exists a finite set © of tiles over the alphabet T U {#} such that 
L = {x € T+ | B22(2) C O}. We shall write L = L(O). Therefore tiles 
in © represent all the allowed blocks of size (2,2) for the pictures in L. The 
family of local picture languages will be denoted by LOC. We now give an 
example of a local two-dimensional language. 


Example 4.1. Let T = {0,1} be an alphabet and let © be the following 
set of tiles over T. 


O|#| |O|#| |# #) L# #) | #| #) | #| # 

1# [OTH] lolo] fora] #1 folF 
o_) #4) Æ] ©] PE) +o) C 
+) L#LO] [#10] L#L#] LALA) LALA) L#l# 

11/0] [ofo] [0/1] [ofo 

o;1| foli| foto] loto 


The language L(Q) is the language of square pictures (i.e. pictures of size 
(n,n) with n > 2) in which all diagonal positions (i.e. those of the form (i, i)) 
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carry symbol 1, whereas the remaining positions carry symbol 0. That is, 
pictures as the following: 


o| o| =| O| O| © 
O| =| 9| S| 9| © 
RL O Sol ol o © 


olol ol =| oO] o 


olo olol oj. 
olo oo| FR] © 


Notice that the language of squares over a one-letter alphabet is not a 
local language because there is no “local strategy” to compare the number 
of rows and columns using only one symbol. 

Let I and © be two finite alphabets. A mapping m : IT — © will be in 
the sequel called projection. The projection q (p) of p € [+7 of size (m, n) is 
the picture p' € =+* such that p'(i, j) = m(pli, j)) forall 1<i<m,1< 
j <n. Similarly, if L C T** is a picture language over T, we indicate by 
m(L) the projection of language L, i.e. r(L) = {p'|p' = 7(p), p € L} C E+. 

A quadruple TJ = (£,T,©O,7) is called tiling system if X and T are 
finite alphabets, © is a finite set of tiles over I U {#} and m : FT > È is 
a projection. Therefore, a tiling system is composed by a local language 
over I’ (defined by the set ©) and a projection m : T —> X. A two- 
dimensional language L C X++ is tiling recognizable if there exists a tiling 
system T = (X, T, 0,7) such that L = 1(L(@)). Moreover, we shall refer to 
L' = L(O) as an underling local language for L and toT as a local alphabet 
for L. Let p € L, if p' € L’ is such that z(p’) = p, we refer to p' asa 
counter-image of p in the underling local language L’. 

The family of all two-dimensional languages that are tiling recognizable 
is denoted by REC. We give here some examples to which we shall refer in 
the sequel. 


Example 4.2. Let L be the language of square pictures (i.e. pictures of 
size (n,n)) over one-letter alphabet © = {a}. To show that language L 
is in REC we remark that it can be obtained as projection of language in 
Example 4.1 by mean of projection 7(0) = 7(1) =a. 


Example 4.3. Let L be the language of pictures p whose first column is 
equal to the last one. We have that L € REC. Indeed we can define a 
tiling system where the information on each letter of the first column of 
p is brought along horizontal direction, using some subscripts, to the last 
column of p. More precisely, we use a local alphabet T = {z, | x,y € E} 
with x,y € È (the subscripts y are used to recall the symbols in the first 
column of a picture), the projection m(x,) = x. The set of tiles is such that, 
for p E€ L and some i, j we have that if p;ı = y and p; j = x then Pig = Ly 
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with z(p’) = p. The tiles of the left border must be of the form f 3 , the 
t 
tiles of the right border must be of the form 3 i , whereas the “middle 
t 
tiles” must be of the form 3 = . Here below it is given an example of 
t | Te 
a picture p E€ L C {a,b}* together with a corresponding local picture p’. 
biblaļbib by | ba | aa | bo | by 
ala|ļ|bjala Qa | Qa | ba | Qa | Qa 
p=|bjaļaļal|b p =| by | apy | ap | ap | bo 
a|b|b|bja Qa | ba | ba | ba | Ga 
a|b|bl]bla Qa ba ba ba Qa 


We remark that a tiling system T = (£,T,©O,r) for a picture language 
is in some sense a generalization to the two-dimensional case of an automa- 
ton that recognizes a string language. Indeed, in one-dimensional case, the 
quadruple (£, IT, ©, 7) corresponds exactly to the state-graph of the automa- 
ton: the alphabet T is in a one-to-one correspondence with the edges, the 
set © describes the edges adjacency, the mapping 7 gives the labelling of the 
edges in the automaton. Then, the set of words of the underlying local lan- 
guage defined by set © corresponds to all accepting paths in the state-graph 
and its projection by 7 gives the language recognized by the automaton. As 
consequence, when rectangles degenerate in strings the definition of recog- 
nizability coincides with the classical one for strings (cf. [5]). 


4.1 Closure properties of family REC 


The family REC is closed with respect to different types of operations. 
We recall the following theorems without proof (the interested reader can 
consult [7]). 


Theorem 4.4. The family REC is closed under alphabetic projection. 


Theorem 4.5. The family REC is closed under row and column concate- 
nation and under row and column stars operations. 


Theorem 4.6. The family REC is closed under union and intersection. 


As immediate application of this closure properties we have that, as 
we do in the string case, we can define recognizable languages by means 
of picture regular expressions starting from finite languages containing a 
single picture of one symbol and using operations of union, intersection, 
row and column concatenations and closures and projection. We see this in 
the following examples. 
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Example 4.7. Let us consider again language L in Example 4.3 of pictures 
such that the first column is equal to the last one. We showed that L € REC 
by giving explicitly a tiling system for it. It is also easy to show that L can 
be obtained by using concatenations and star operations as follows: 


L= |] (a0 £2 oa))*? 
aed 


where a denotes the size (1,1) picture containing symbol a. 


Example 4.8. Let L be the language of pictures p of size (m,n) with the 
property “ J1 < i,j < n such that the i-th column of p is equal to the j-th 
column of p”. Observe that 


L=~xS*+oLloxytt 


where L’ is the language of pictures with the first column equal to the last 
one given the the above Example 4.3. 


Given two string languages S,T C &*, we define the row-column combi- 
nation of S,T to be a picture language L = S@T as the set of all pictures p 
such that all rows of p belongs to language S and all columns of p belongs to 
language T. Notice that we can write L = S°*NT°*, then, as consequence 
of above closure properties, it holds the following corollary. 


Corollary 4.9. If S,T C * are recognizable string languages then picture 
language L = S@T € REC. 


We use this result in the next example. 


Example 4.10. Let L be the language of pictures p over an alphabet X of 
size (m,n) with the property “41 <i < n such that the i-th column of p is 
different from all the other columns of p”. We show that L is in REC. 

It is convenient to define a new alphabet A. Assume that © has o 
symbols. Then, for each s € X we define a new alphabet X, obtained 
by adding a subscript s to each element of © and define a new alphabet 
A= Ues Xs. Let x,s € X. 


We now consider two string languages L(h) and L(v) over the alphabet 
ZUA: 


L(h) = (J Stsk3 
sex 


L(v) =D*U | (Ata, A*) 
rs 
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and a projection 7 : X U A —> È that erases subscripts (whenever there 
are). Then one can verify that L = 1(L(h) @ L(v)) and hence, by Theorem 
4.4 and Corollary 4.9, L € REC. 


All those closure properties confirm the close analogy with the one- 
dimensional case. The big difference regards the complement operation. In 
[7], using a combinatorial argument, it is showed that language in Example 
3.6 is not tiling recognizable while it is not difficult to write a picture regular 
expressions for its complement. This proves the following theorem. 


Theorem 4.11. REC is not closed under complement. 


As consequence of this theorem, it is interesting to consider the family 
REC U co-REC of picture languages L such that either L itself or its com- 
plement SL is tiling recognizable. Observe that REC is strictly included 
in REC Uco-REC. In Section 5 we shall state a necessary condition for a 
language to be in REC Uco-REC. 


4.2 Unambiguous Recognizable Languages 


The definition of recognizability in terms of local languages and projections 
is implicitly non-deterministic. This can be easily understood if we refer 
to the one-dimensional case: if no particular constraints are given for the 
set O, the tiling system 7 = (,T,0,7) corresponds in general to a non- 
deterministic automaton. Moreover Theorem 4.11 shows that is not possible 
to eliminate non-determinism from this definition (as long as determinism 
allows complementation). 

All these results motivated the definition of the class of unambiguous 
recognizable two-dimensional language firstly given in [6]. Informally, a tiling 
system is unambiguous if every picture has a unique counter-image in its 
corresponding local language. Let L C X*+ be a two-dimensional language. 


Definition 4.12. A tiling system T = (£, T, 0,7) is an unambiguous tiling 
system for L = L(T) if and only if for any picture x € L there exists a unique 
local picture y € L(O) such that x = m(y). 


An alternative definition for unambiguous tiling system is that function 
m extended to [++ — S++ is injective. Observe that an unambiguous tiling 
system can be viewed as a generalization in two dimensions of the definition 
of unambiguous automaton that recognizes a string language. 

A recognizable two-dimensional language L C X++ is unambiguous if 
and only if it admits an unambiguous tiling system T = (£, T, 0,7). We de- 
note by UREC the family of all unambiguous recognizable two-dimensional 
languages. Obviously it holds true that UREC C REC. 

In [2], it is shown that it undecidable whether a given tiling system is un- 
ambiguous. Furthermore some closure properties of UREC are proved. The 
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main result in [2] shows that UREC is strictly contained in REC and there- 
fore that there exist languages that are inherently ambiguous. In Section 5 
we shall re-state a necessary condition for a language to be in UREC. 


5 Recognizability conditions based on complexity 
functions 


In this section we state three theorems that give necessary conditions for 
a picture language to be in REC Uco-REC, REC and UREC, respectively. 
Although these theorems are re-formulations of corresponding ones given 
in [4], [10], [2], respectively, here all the results are given in this unify- 
ing matrix-based framework that allows to make connections among these 
results that before appeared unrelated. 

We first report a lemma given in [10]. Let L be a recognizable picture 
languages and let 7 = (%,T', 0,7) a tiling system recognizing L. 


Lemma 5.1. For all m > 1 there exists a finite automaton A(m) with 7™ 
states that recognizes string language L(m), where y = |[ U {#}l. 


Proof. For any positive integer m, we define the non-deterministic finite 
automaton A(m) = (Xb™, Qm, Im; Fm, ôm) where ©!” is the alphabet of 
the columns of height m over X; the set of states Qm is the set of all possible 
columns of m symbols in T U {#} therefore |Qm| = y. The set of initial 
states corresponds to the columns adjacent to the left border while the set of 
final states Fm contains all the columns of border symbols. The transitions 
from a given state p to state q are defined by using the adjacency allowed 
by the set of local tiles. Then, by construction it holds that A(m) accepts 
exactly L(m). Q.E.D. 


The construction of the automaton in the above proof implies directly 
the following corollary. 


Corollary 5.2. If L € UREC, then A(m) is unambiguous. 
We can now state the first necessary condition for picture recognizability. 


Theorem 5.3. If L € RECU co-REC then there exists a positive integer y 
such that, for all m > 0, Rg(m) < 27” 


Proof. Consider two rows of the Hankel matrix Hz (m) indexed by the words 
x and y respectively. It is easy to see that such two rows are equal if and 
only if x and y are in the same Nerode equivalence class of L(m).(Recall 
that, see also [5], given a language L C X*, two words u and v are in the 
same Nerode equivalence class of L if Vw € X* : uw € DS vw € L). Thus 
the number Rz(m) of different rows of Hr (m) coincides with the number of 
classes of the Nerode equivalence and therefore it corresponds to the number 
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of states of the minimal DFA recognizing L(m). The number of states of 
the DFA recognizing L(m) obtained by determinization of the NFA A(m) 
is at most 2lQml = 97", 

Moreover observe that if CL is the complement of a given language L, the 
Hankel matrix of CL can be obtained by taking the Hankel matrix of L and 
changing all Os in 1s and all 1s in Os. Then the two matrices have the same 
number of distinct rows, i.e.: Rr (m) = Rcr(m). The thesis follows.  q.z.p. 


We now state a necessary condition for a language to be tiling recognizable. 


Theorem 5.4. If L € REC then there exists a positive integer y such that, 
for all m > 0, Pr(m) < y™. 


Proof. Consider a permutation matrix that is a submatrix of Hz(M). Let 
X1,%2,.-.,Xn be the words that index its rows and let yo(1); Yo(2); - +++ Yo(n) 
be the words that index its columns, where ø is the permutation that repre- 
sents the matrix. To prove the statement of the theorem it suffices to show 
that n < y™ for some y. Recall that by definition of Hankel matrix, one 
has the following two conditions: 


(1) Higa EL forl<i<n 
(2) LiYo FL fori#j 


For any i, 1 < i < n, denote by S; C Qm the set of states q of the automaton 
A(m) such that there exists a path from a starting state to q with label 2;. 
For condition (1), there exists a state p; € S; such that in A(m) there is a 
path with label y,(;) from p; to an accepting state. Observe that p; ¢ Sj 
for all j 4 i otherwise in the automaton there would be an accepting path 
for the word 2;¥Yo(i) against condition (2). of the considered permutation 
matrix. This implies that the number of such sets S; is at most the number 
of states of Qm, that isn < |Qm| = y™ Q.E.D. 


For the third theorem we need some additional notations and definitions 
on matrices. Let M be a boolean matrix. A 1-monocromatic submatrix of 
M is any submatrix of M whose elements are all equal to 1. Let S = 
{Mı, M2,..., Mn} be a set of 1-monocromatic submatrices of M: S is an 
exact cover for M if, for any element mi; E M such that m;i; = 1, there 
exists an integer t such that m;; € Mı and moreover M, N Ms =9 for r Æ s. 
For instance, consider the Hankel matrix in Example 3.4. Each rectangle 
of 1s is an Hankel 1-monocromatic submatrix while all m + 1 rectangles 
together are an exact cover for the matrix. Denote by T(M) the minimal 
cardinality of an exact cover of M. We now report the following lemma. 


Lemma 5.5. Let M be a boolean matrix. Then: rank(M) < 7(M). 
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Proof. Let S = {M,,Mo,..., My} be an exact cover of minimal size of 
matrix M. Let M; denote the matrix (of same size of M) obtained from M 
by changing in 0 all the elements not belonging to M;. It is easy to verify 
that all those matrices M; have rank 1. Moreover observe that 


M = Mi + M3 +... + Mi: 


Then, by using the well known linear algebra fact that the rank of the sum 
of some matrices in not greater than the sum of the ranks of those matrices, 
we have that: 


rank( M) < rank(M;) + rank( M3) +...+rank(Mi(yj)) = 7(M). 
Q.E.D. 
We can now state our third necessary condition. 


Theorem 5.6. If L © UREC then there exists a positive integer y such 
that, for all m > 0, Kr(m) < y” 


Proof. Consider the NFA A(m) for the string language L(m) defined in 
Lemma 5.1. Observe that, by Corollary 5.2, A(m) is unambiguous. For 
every state q E Qm consider the sets U, and V} of words defined as follows: 


- u € U, if there exists a path in A(m) from an initial state to state q 
with label u; 


- v € V} if there exists a path in A(m) from state q to a final state with 
label v. 


Now take the Hankel matrix Hz (m) of language L(m) and consider the sub- 
matrix M, corresponding to language pair (U,, V,). M, is a 1-monocromatic 
submatrix of Hz (m) because uv € L for all u € Ug and all v € Vy. 

The set S4(m) = {Mq |q E Qm} is an exact cover of Hz (m). Indeed any 
1 in H,(m) is in a position corresponding to a row indexed by a word u and 
a column indexed by a word v such that uv € L and then it belongs to an 
element of S4(m). Moreover, for the unambiguity of A(m), it follows that 
any pair of elements of S.4(m) has empty intersection. Then, using Lemma 
5.5, we can conclude that 


Kr(m) = rank(H1(m)) < T(Hr(m)) < |Saim)| = [Qm] = 7": 


Q.E.D. 
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6 Separation results 


In this section we state some separation results for the classes of recognizable 
picture languages here considered. We start by showing that there exist 
languages L such that are neither L nor SL are recognizable. 

Let Ly be a picture language over © with |X| = ø of pictures of size 
(n, f(n)) where f is a non-negative function over IV. In Example 3.5 it is 
remarked that Rz,(m) = f(m)+1. Then, if we choose a function “greater” 
than the bound in Theorem 5.3, we obtain the following. 


Corollary 6.1. Let f(n) be a function that has asymptotical growth rate 
greater than 27”, then Ly Z REC Uco-REC. 


We now consider four examples of picture languages defined over a given 
alphabet © with || = ø > 2. Those examples will be checked for the 
inequalities of the Theorems 5.3, 5.4, 5.6 of previous section and used to 
separate classes RECUco-REC, REC and UREC. It is interesting to observe 
that these four languages have very similar definitions as if they were a 
variation on a theme. Their properties are based on a combination of the 
existence or non-existence of duplicate columns in the pictures either for 
a single column or for all the columns. Surprisingly all those variations 
suffice to separate the introduced recognizable classes. The languages are 
the following: 


Ly, ={pe€xX*| all columns of p appear once in p} 
Iy2={peXt*| all columns of p appear at least twice in p} 


L32={pEX""| there exists a column in p that appears at least twice in p} 


L3,={pEX""| there exists a column in p that appears only once in p} 


Notice that language La2 is the language already introduced in Example 4.8 
while La; is the language already introduced in Example 4.10; the remaining 
two languages are their complements. More precisely: Ly; = Laz and 
Ly2 = CLaı. By using the inequalities on the complexity functions given 
in the previous section, we shall prove that Ly2 Z REC, Ly; ¢ REC and 
L32 € UREC. 

In the proof of the following results we make use of submatrices of the 
Hankel matrix Hz (m) specified by row’s and column’s indices in the follow- 
ing set of strings over the column alphabet 5"! = {c1, C2,- .. , Com }: 


sm) = { Ci, Cig Cig ++. Ci, | 1 <ii < 1g < i3... < tik < G Y; 


Observe that there is a bijection between the set of words S$“ and the 
family of subsets of ©™1+. So one has that |$°™| = 27", 


Lemma 6.2. For all m > 1, Pr, (m) > 27”. 
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Proof. Consider the Hankel matrix H;,,,(m) and its submatrix having row 
and column indices in the set S(”). We show that such submatrix is an 
identity matrix (and thus a permutation matrix). Indeed, for any element 
hey of the submatrix, with x,y € S$ one has that hey = 1 if zy € Lye 
and this is true if and only if x = y. Then, the remark that the size of this 
submatrix is 2°” concludes the proof. Q.E.D. 


From Theorem 5.4 the above Lemma 6.2 one derives the following. 
Corollary 6.3. Ly2 Z REC. 


Consider now language L3; and the complexity function Rz, (m). Then 
Rta (m) = Riv (m) 2 Piy (m). 


Since we have proved in Section 4.1 (Example 4.10) that D3; € REC, from 
Lemma 6.2 we derive the following. 


Corollary 6.4. The bound given in Theorem 5.3 is tight. 


We now consider language Lyi. We prove the following. 


Lemma 6.5. For all m > 1, Pr, (m) > ( cs | 
20 


Proof. Consider the following subset T(”) of S°™ 


: o™ 
DO) = | city G/L Sin <a <i E k= Sh, 


Notice that we are implicitly assuming that o is even: in the opposite case 

everything can be done similarly but with a bit of more technicality. It 

is easy to verify that there is a bijection between T(”) and the family of 
o™ 


subsets of 5’! with size a Therefore |T™]| = om 


Consider now the Hankel matrix Hz,, (m) and its ioi having row 
and column indices in the set T’”. We show that such submatrix is a 
permutation matrix. 

Recall that the elements of T’” correspond to the subsets of ©"! with 
size a, and that any subset of size a has a unique complement of the 
same size. This means that, denoting by hz, the element of the Hankel 
matrix Hr, (m) for x,y € T™, one has that he, = 1 if zy € Ly: and this 
is true if and only if x and y correspond to complementary sets in ©”. 


Thus the submatrix is a permutation matrix and the thesis follows. Q.E.D. 


By Theorem 5.4 and the above Lemma 6.5 we derive the following. 
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Corollary 6.6. Ly, Z REC. 
Let us now consider the language L32. We prove the following. 
Lemma 6.7. For all m > 1, Kz, (m) > Dee j, 


Proof. Consider as in Lemma 6.2 the Hankel matrix Hz,,(m) and its sub- 
matrix, here denoted by M(m), having both row and column indices in the 
set S(™. To easily compute the rank of M(m) it is useful to introduce a 
total order in the strings of S(”). 

We need the following notations and definitions. Given a sequence 
S = (#1,...,%) of strings and a string z, denote by Sz the sequence 
(112,...,@nz). IET = (y1,---,Ym) is another sequence of strings, denote by 
(ST) the sequence composed by elements of S followed by the elements of 
T, ie. the sequence (S, T) = (£1,..., £n, Y1,- --;, Ym). Further recall that we 
are considering strings on the alphabet of columns 0"! = {c1,¢2,...,Com}. 

With these notations we can define the sequence S0™) by induction on 
the index k of the number of elements in )'"+ involved in the definitions of 
the strings. The definition is the following: 


aon 
K = (S65 cp) 


for k =1,...,0™. We have that $(™ = om), For instance: 


sf" = (@) 

sm) = (€,C1) 

sk = (£, C1, C2, C1C2) 

sf = (£, C1, C2, C1C2, C3, C1C3, C23, C1C2C3) 


By ordering the elements of S“”) as above, the matrix M(m) assumes a 
particular shape. For instance, the submatrix of M(m) whose row’s and 


column’s indices belongs to si”) is represented below. 


€ C1 C2 C1 C2 C3 C1 C3 C2C3 «C1 C2C3 
E 0 0 0 0 0 0 0 0 
c 0 1 0 1 0 1 0 1 
C2 0 0 1 1 0 0 1 1 
C1C2 0 1 1 1 0 1 1 1 
C3 0 0 0 0 1 1 1 1 
C1C3 0 1 0 1 1 1 1 1 
C23 0 0 1 1 1 1 1 1 
C1C2C3 0 1 1 1 1 1 1 1 
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Let M’(m) denote the matrix obtained from M(m) by deleting the first 
row and the first column. One can show that M’(m) has 1 in all counter- 
diagonal positions and in all positions below it. In fact, by construction 
of M'(m), the pair of strings (x,y) corresponding to the rows and columns 
indices of these positions are such that there exists a symbol c; € ©”! that 
occurs both in x and y, and hence xy € D32. Moreover all positions imme- 
diately above the counter-diagonal contain 0 since the pair (x,y) of strings 
corresponding to these positions have no symbols in common. By elemen- 
tary matrix computations, one has that the determinant det M’(m) Æ 0. 
Since the size of M’(m) is 27™— 1, the thesis follows. Q.E.D. 


By Theorem 5.6 and the above Lemma 6.7 we derive the following. 
Corollary 6.8. L32 Z UREC. 


We conclude by collecting all the results of this section and state the 
following separation result. 


Theorem 6.9. UREC Ç REC © REC U co-REC. 


Proof. Language Laz separate UREC from REC. In fact, it does not belongs 
to UREC by Corollary 6.8 while in Example 4.8 it is shown Dag € REC. 
Furthermore language Ly2 separates families REC and REC U co-REC. 
In fact, from Corollary 6.3, we have that language Ly2 ¢ REC while its 
complement Lys = L3; € REC (see Example 4.10). Q.E.D. 


7 Final remarks and open questions 


We proposed a unifying framework based on Hankel matrices to deal with 
recognizable picture languages. As result, we stated three necessary condi- 
tions for the classes REC Uco-REC, REC and UREC. The first natural ques- 
tion that arises regards the non-sufficiency of such statements, more specif- 
ically the possibility of refining them to get sufficient conditions. Observe 
that the technique we used of reducing a picture language L in a sequence of 
string languages (L(m))m so on the columns alphabets ©! allows to take 
into account the complexity” of a picture language along only the hori- 
zontal dimension. For instance, consider the languages L4,, Lha, Ly,, Lio 
obtained by exchanging the word ”column” with ”rows” in the definitions 
of corresponding languages given the the previous section. For those lan- 
guages the necessary conditions we gave are meaningless, nevertheless it 
is easy to figure out a corresponding technique that, given a picture lan- 
guage L, consider the sequence of string languages (L’(n))nso9 on the rows 
alphabets X!” and then consider the Hankel matrices of such languages. 
Then the question is whether by combining conditions that use such both 
techniques along the two dimensions we could get strong conditions for the 
recognizability of the given picture language. 
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The novelty of these matrix-based complexity functions gives a common 
denominator to study relations between the complement problem and un- 
ambiguity in this family of recognizable picture languages. In 1994, in the 
more general context of graphs Wolfgang Thomas et. al. had pointed the 
close relations between these two concepts. In particular, paper [13] ends 
with the following question formulated specifically for grids graphs and a 
similar notion of recognizability (here, we report it in our terminology and 
context). 


Question 7.1. Let L C Et be a language in REC such that also SL € 
REC. Does this imply that L € UREC? 


As far as we know, there are no negative examples for this question. On 
the other hand, we have seen a language L32 that belongs to REC such 
that its complement Ly; does not and Lz, is not in UREC. Then we can 
formulate another question. 


Question 7.2. Let L C ++ be a language in REC such that CL ¢ REC. 
Does this imply that L ¢ UREC? 


As further work we believe that this matrix-based complexity function 
technique to discriminate class of languages could be refined to study re- 
lations between closure under complement and unambiguity. Notice that 
a positive answer to any of a single question above does not imply that 
UREC is closed under complement. Moreover observe that the two prob- 
lems can be rewritten as whether REC N co-REC C UREC and whether 
UREC C RECN co-REC, respectively, i.e. they correspond to verify two 
inverse inclusions. As consequence, if both conjectures were true then we 
would conclude not only that UREC is closed under complement but also 
that it is the largest subset of REC closed under complement. 
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Abstract 


We define and examine priority mean-payoff games—a natural 
extension of parity games. By adapting the notion of Blackwell op- 
timality borrowed from the theory of Markov decision processes we 
show that priority mean-payoff games can be seen as a limit of special 
multi-discounted games. 


1 Introduction 


One of the major achievements of the theory of stochastic games is the re- 
sult of Mertens and Neyman [15] showing that the values of mean-payoff 
games are the limits of the values of discounted games. Since the limit of 
the discounted payoff is related to Abel summability while the mean-payoff 
is related to Cesàro summability of infinite series, and classical abelian and 
tauberian theorems establish tight links between these two summability 
methods, the result of Mertens and Neyman, although technically very dif- 
ficult, comes with no surprise. 

In computer science similar games appeared with the work of Gurevich 
and Harrington [12] (games with Muller condition) and Emerson and Jutla 
[5] and Mostowski [16] (parity games). 

However discounted and mean-payoff games also seem very different from 
Muller/parity games. The former, inspired by economic applications, are 
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games with real valued payments, the latter, motivated by logics and au- 
tomata theory, have only two outcomes, the player can win or lose. 

The theory of parity games was developed independently from the the- 
ory of discounted/mean-payoff games [11] even though it was noted by Jur- 
dziziski [14] that deterministic parity games on finite arenas can be reduced 
to mean-payoff games!. 

Recently de Alfaro, Henzinger and Majumdar [3] presented results that 
indicate that it is possible to obtain parity games as an appropriate limit 
of multi-discounted games. In fact, the authors of [3] use the language of 
the p-calculus rather than games, but as the links between p-calculus and 
parity games are well-known since the advent [5], it is natural to wonder 
how discounted ji-calculus from [3] can be reflected in games. 

The aim of this paper is to examine in detail the links between discounted 
and parity games suggested by [3]. In our study we use the tools and 
methods that are typical for classical game theory but nearly never used for 
parity games. We want to persuade the reader that such tools, conceived 
for games inspired by economic applications, can be successfully applied to 
games that come from computer science. 

As a by-product we obtain a new class of games—priority mean-payoff 
games — that generalise in a very natural way parity games but contrary 
to the latter allow to quantify the gains and losses of the players. 

The paper is organised as follows. 

In Section 2 we introduce the general framework of deterministic zero- 
sum infinite games used in the paper, we define optimal strategies, game 
values and introduce positional (i.e. memoryless) strategies. 

In Section 3 we present discounted games. Contrary to classical game 
theory where there is usually only one discount factor, for us it is crucial to 
work with multi-discounted games where the discount factor can vary from 
state to state. 

Section 4 is devoted to the main class of games examined in this paper— 
priority mean-payoff games. We show that for these games both players have 
optimal positional strategies (on finite arenas). 

In classical game theory there is a substantial effort to refine the notion 
of optimal strategies. To this end Blackwell [2] defined a new notion of op- 
timality that allowed him a fine-grained classification of optimal strategies 
for mean-payoff games. In Section 5 we adapt the notion of Blackwell op- 
timality to our setting. We use Blackwell optimality to show that in some 
strong sense priority mean-payoff games are a limit of a special class of 
multi-discounted games. 


1 But this reduction seems to be proper for deterministic games and not possible for 
perfect information stochastic games. 
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The last Section 6 discusses briefly some other applications of Blackwell 
optimality. 

Since the aim of this paper is not only to present new results but also to 
familiarize the computer science community with methods of classical game 
theory we have decided to make this paper totally self-contained. We present 
all proofs, even the well-known proof of positionality of discounted games?. 
For the same reason we also decided to limit ourselves to deterministic 
games. Similar results can be proved for perfect information stochastic 
games [10, 9] but the proofs become much more involved. We think that 
the deterministic case is still of interest and has the advantage of beeing 
accessible through elementary methods. 


The present paper is an extended and improved version of [8]. 


2 Games 


An arena is a tuple A = (S1, S2, A), where Sı and S2 are the sets of states 
that are controlled respectively by player 1 and player 2, A is the set of 
actions. 

By S = Sı U S2 we denote the set of all states. Then A C S x S, 
i.e. each action a = (s',s”) € A is a couple composed of the source state 
source(a) = s’ and the target state target(a) = s”. In other words, an arena 
is just a directed graph with the set of vertices S partitioned onto Sı and 
S2 with A as the set of edges. 

An action a is said to be available at state s if source(a) = s and the set 
of all actions available at s is denoted by A(s). 

We consider only arenas where the set of states is finite and such that 
for each state s the set A(s) of available actions is non-empty. 

A path in arena A is a finite or infinite sequence p = 895,82... of 
states such that for all i, (si, 5:41) € A. The first state is the source of p, 
source(p) = so, if p is finite then the last state is the target of p, target(p). 

Two players 1 and 2 play on A in the following way. If the current state 
s is controlled by player P € {1,2}, i.e. s E€ Sp, then player P chooses an 
action a € A(s) available at s, this action is executed and the system goes 
to the state target(a). 

Starting from an initial state so, the infinite sequence of consecutive 
moves of both players yields an infinite sequence p = S95182... of visited 
states. Such sequences are called plays, thus plays in this game are just 
infinite paths in the underlying arena A. 


2 But this can be partially justified since we need positionality of multi-discounted games 
while in the literature usually simple discounted games are treated. We should admit 
however that passing from discounted to multi-discounted games needs only minor 
obvious modifications. 


334 H. Gimbert, W. Zielonka 


We shall also use the term “a finite play” as a synonym of “a finite path” 
but “play” without any qualifier will always denote an infinite play/path. 

A payoff mapping 

u: S” — R (1.1) 
maps infinite sequences of states to real numbers. The interpretation is that 
at the end of a play p player 1 receives from player 2 the payoff u(p) (if 
u(p) < 0 then it is rather player 2 that receives from player 1 the amount 
|u(p)|). 

A game is couple (A, u) composed of an arena and a payoff mapping. 

The obvious aim of player 1 (the maximizer) in such a game is to maxi- 
mize the received payment, the aim of player 2 (the minimizer) is opposite, 
he wants to minimize the payment paid to his adversary. 

A strategy of a player P is his plan of action that tells him which action 
to take when the game is at a state s € Sp. The choice of the action can 
depend on the whole past sequence of moves. 

Therefore a strategy for player 1 is a mapping 


o : {p | p a finite play with target(p) € S1} — S (1:2) 


such that for each finite play p with s = target(p) € Si, (s, o(p)) € A(s). 

Strategy o of player 1 is said to be positional if for every state s € S1 
and every finite play p with target(p) = s, o(p) = o(s). Thus the action 
chosen by a positional strategy depends only on the current state, previously 
visited states are irrelevant. Therefore a positional strategy of player 1 can 
be identified with a mapping 


o:Sı—> sS (1.3) 


such that for all s € S1, (s,ø(s)) € A(s). 

A finite or infinite play p = sosı... is said to be consistent with a 
strategy o of player 1 if, for each i € N such that s; € S1, we have 
(s;,0(So...5;)) € A. 

Strategies, positional strategies and consistent plays are defined in the 
analogous way for player 2 with S2 replacing 5}. 

In the sequel © and 7 will stand for the set of strategies for player 1 and 
player 2 while 4, and 7, are the corresponding sets of positional strategies. 

The letters ø and 7, with subscripts or superscripts if necessary, will be 
used to denote strategies of player 1 and player 2 respectively. 

Given a pair of strategies o € X and 7 € T and an initial state s, there 
exists a unique infinite play in arena A, denoted p(s,o,7), consistent with 
o and 7 and such that s = source(p(s,0,T)). 
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Definition 2.1. Strategies ot € 5 and r* € T are optimal in the game 
(A, wu) if 


VsES,VoEX,VreT, 
u(p(s,0,7*)) < u(p(s,o*,7*)) < u(p(s,o%,7)) . (1.4) 


Thus if strategies of and 7Ë are optimal then the players do not have 
any incentive to change them unilaterally: player 1 cannot increase his gain 
by switching to another strategy o while player 2 cannot decrease his losses 
by switching to another strategy T. 

In other words, if player 2 plays according to r* then the best response 
of player 1 is to play with g, no other strategy can do better for him. 
Conversely, if player 1 plays according to øf then the best response of player 
2 is to play according to T* as no other strategy does better to limit his losses. 

We say that a payoff mapping u admits optimal positional strategies if for 
all games (A, u) over finite arenas there exist optimal positional strategies 
for both players. We should emphasize that the property defined above is a 
property of the payoff mapping and not a property of a particular game, we 
require that both players have optimal positional strategies for all possible 
games over finite arenas. 

It is important to note that zero-sum games that we consider here, i.e. 
the games where the gain of one player is equal to the loss of his adversary, 
satisfy the exchangeability property for optimal strategies: 

for any two pairs of optimal strategies (o*,r#) and (o*,7*), the pairs 
(o*,7*) and (o4,7*) are also optimal and, moreover, 


u(p(s, a ,r")) = u(p(s, o*,T*)) , 


i.e. the value of u(p(s,o#,7*)) is independent of the choice of the optimal 
strategies—this is the value of the game (A,u) at state s. 
We end this general introduction with two simple lemmas. 


Lemma 2.2. Let u be a payoff mapping admitting optimal positional 
strategies for both players. 


(A) Suppose that o € X is any strategy while Të € T, is positional. Then 
there exists a positional strategy ot € ©, such that 


for alls € S, u(p(s,o,7*)) < u(p(s,o#,7*)) . (1.5) 


(B) Similarly, if r € T is any strategy and ot € X, a positional strategy 
then there exists a positional strategy TË € Tp such that 


for alls € S, u(p(s,a4,7*)) < u(p(s, 4,7) . 
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Proof. We prove (A), the proof of (B) is similar. Take any strategies o € X 
and TË € Tp. Let A’ be a subarena of A obtained by restricting the actions 
of player 2 to the actions given by the strategy 7#, i.e. in A’ the only 
possible strategy for player 2 is the strategy T*. The actions of player 1 are 
not restricted, i.e. in A’ player 1 has the same available actions as in A, in 
particular ø is a valid strategy of player 1 on A’. Since u admits optimal 
positional strategies, player 1 has an optimal positional strategy ot on A’. 
But (1.5) is just the optimality condition of ot on A’. Q.E.D. 


Lemma 2.3. Suppose that the payoff mapping u admits optimal positional 
strategies. Let o# € Xp and the T, be positional strategies such that 


Vs € S,Vo € Up, YT E€ Tp, 
u(p(s,o,7*)) < u(p(s,o*,7#) < u(p(s,o*,r)) , (1.6) 


i.e. ot and TË are optimal in the class of positional strategies. Then o? and 
TË? are optimal in the class of all strategies. 


Proof. Suppose that 


dr €T, u(p(s,a',r)) < u(p(s,o*, T*)) . (1.7) 


By Lemma 2.2 (B) there exists a positional strategy T* € TJ, such that 


u(p(s,o#,7*)) < u(p(s,o4,7)) < u(p(s,o?,T?)), contradicting (1.6). Thus 
Vr € T,u(p(s,o#,7*)) < u(p(s,o#,7)). The left hand side of (1.4) can be 
proved in a similar way. Q.E.D. 


3 Discounted Games 


Discounted games were introduced by Shapley [19] who proved that stochas- 
tic discounted games admit stationary optimal strategies. Our exposition 
follows very closely the original approach of [19] and that of [17]. Neverthe- 
less we present a complete proof for the sake of completeness. 

Arenas for discounted games are equipped with two mappings defined 
on the set S of states: the discount mapping 


A: S — [0,1) 


associates with each state s a discount factor A(s) € [0,1) and the reward 
mapping 

r:S—R (1.8) 
maps each state s to a real valued reward r(s). 


The payoff mapping 
ux: S” — R 
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for discounted games is defined in the following way: for each play p = 
898152...€ SY 


II 


uy(p) (1 — A(so))r(s0) + A(S0)(1 — A(s1))r(s1)+ 
A(so)A(s1)(1 — A(s2))r(s2) +... 
= S © A(So) <.. A(Si—1)(1 — ACss))r(si) (1.9) 


i=0 


Usually when discounted games are considered it is assumed that there is 
only one discount factor, ie. that there exists À € [0, 1) such that A(s) = A 
for all s € S. But for us it is essential that discount factors depend on the 
state. 

It is difficult to give an intuitively convincing interpretation of (1.9) if 
we use this payoff mapping to evaluate infinite games. However, there is a 
natural interpretation of (1.9) in terms of stopping games, in fact this is the 
original interpretation given by Shapley [19]. 

In stopping games the nature introduces an element of uncertainty. Sup- 
pose that at a stage i a state s; is visited. Then, before the player controlling 
si is allowed to execute an action, a (biased) coin is tossed to decide if the 
game stops or if it will continue. The probability that the game stops is 
1 — X(s;) (thus A(s;) gives the probability that the game continues). Let 
us note immediately that since we have assumed that 0 < A(s) < 1 for all 
s € S, the stopping probabilities are strictly positive therefore the game 
actually stops with probability 1 after a finite number of steps. 

If the game stops at s; then player 1 receives from player 2 the payment 
r(s;). This ends the game, there is no other payment in the future. 

If the game does not stop at s; then there is no payment at this stage 
and the player controlling the state s; is allowed to choose an action to 
execute’. 

Now note that A(so)...A(s;-1)(1 — A(s;)) is the probability that the 
game have not stopped at any of the states sg,...,;-1 but it does stop at 
state si. Since this event results in the payment r(s;) received by player 1, 
Eq. (1.9) gives in fact the payoff expectation for a play s95189.... 


Shapley [19] proved* that 


Theorem 3.1 (Shapley). Discounted games (A,u,) over finite arenas ad- 
mit optimal positional strategies for both players. 


3 More precisely, if the nature does not stop the game then the player controlling the 
current state is obliged to execute an action, players cannot stop the game by them- 
selves. 

4 In fact, Shapley considered a much larger class of stochastic games. 
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Proof. Let RS be the vector space consisting of mappings from S to R. For 
f ERY, set ||f|| =sup,eg|f(s)|. Since S is finite ||- || is a norm for which 
R is complete. Consider an operator Y : RS — R5, for f € RS and 
sES, 


virið = E — d(s))r(s) + A(s) f(s’) ifs €S 
minçs, seat) (1 = A(s))r(s) +As)f(s') ifs € S2. 


Y[f](s) can be seen as the value of a one shot game that gives the payoff 
(1—A(s))r(s)+A(s) f(s’) if the player controlling the state s choses an action 
(s,s) € A(s). 

We can immediately note that Y is monotone, if f > g then Y[f] > Y[g], 
where f > g means that f(s) > g(s) for all states s € S. 


Moreover, for any positive constant c and f € RS 


Y[f]— càl < Y[f-—c-1] and Y[f+e-1]< Yf] +c, (1.10) 
where 1 is the constant mapping, 1(s) = 1 for each state s, and À = 
SUpses A(s). 


Therefore, since 


f-If- gll 1<g<f+llf-gll-1, 


we get 
VF] -AIF -gll 1 < Vlg] < LAAI- gll, 
implying 
VIF] — Ylli <All — gll - 


By the Banach contraction principle, Y has a unique fixed point w € RS, 
Ww] = w. From the definition of Y we can see that this unique fixed point 
satisfies the inequalities 


Vs € 51,V(s,8') € A(s), w(s) > (1—A(s))r(s) + A(s)w(s') (1-11) 
and 
Vs € S2,V(s,8') € A(s), w(s) < (1—A(s))r(s) + A(s)w(s’) . (1.12) 
Moreover, for each s € S there is an action €(s) = (s, s’) € A(s) such that 
w(s) = (1 — A(s))r(s) + A(s)w(s’) - (1.13) 


We set o#(s) = €(s) for s € Sı and r*(s) = €(s) for s € S and we show 
that o# and TË are optimal for player 1 and 2. Suppose that player 1 plays 
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according to the strategy o? while player 2 according to some strategy T. Let 
p(so, 0°, T) = 808182... Then, using (1.12) and (1.13), we get by induction 
on k that 


k 
< So Xs A(si—1)(1 — Alsi) )r(si) + A(so) --. A(sk)w(sk+1) - 


i=0 


Tending k to infinity we get 


w(so) < ua(p(so,0%,7)) . 


In a similar way we can establish that for any strategy o of player 1, 


w(50) > ua(p(so, 7, 7)) 
and, finally, that 
w(so) = ux (p(so, ot, r#)) , 


proving the optimality of o? and T°. Q.E.D. 


4 Priority mean-payoff games 
In mean-payoff games the players try to optimize (maximize/minimize) the 
mean value of the payoff received at each stage. In such games the reward 
mapping 

r:S—R (1.14) 


gives, for each state s, the payoff received by player 1 when s is visited. The 
payoff of an infinite play is defined as the mean value of daily payments: 


k 


are (1.15) 


i=0 


m($08182--.) = imaz 


where we take limsup rather than the simple limit since the latter may 
not exist. As proved by Ehrenfeucht and Mycielski [4], such games admit 
optimal positional strategies; other proofs can be found for example in [1, 7]. 
We slightly generalize mean-payoff games by equipping arenas with a 

new mapping 
w: S — R} (1.16) 


associating with each state s a strictly positive real number w(s), the weight 
of s. We can interpret w(s) as the amount of time spent at state s each 
time when s is visited. In this setting r(s) should be seen as the payoff by 
a time unit when s is visited, thus the mean payoff received by player 1 is 


k è * 
Um (808182...) = lim sup Lixo W(s:)r(s:) ; 


1.17 
kg w(si) alk 
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Note that in the special case when the weights are all equal to 1, the weighted 
mean value (1.17) reduces to (1.15). 


As a final ingredient we add to our arena a priority mapping 
T: S — Z4 (1.18) 


giving a positive integer priority 7(s) of each state s. 

We define the priority of a play p = sosıs2... as the smallest priority 
appearing infinitely often in the sequence m(so)n(sı)r(s2)... of priorities 
visited in p: 

m(p) = liminf 7(s;) . (1.19) 
l 


For any priority a, let 1, : S — {0,1} be the indicator function of the set 
{s € S | a(s) =a}, ie. 


TEI if r(s)=a (1.20) 


0 otherwise. 


Then the priority mean payoff of a play p = s9s 152... is defined as 


D Larp) (s) + w(si) + r(s:) l 
Sio Lr(p)(si) ` w(si) 


In other words, to calculate priority mean payoff upm(p) we take weighted 
mean payoff but with the weights of all states having priorities different from 
m(p) shrunk to 0. (Let us note that the denominator war Lap) (si) w( ss) 
is different from 0 for k large enough, in fact it tends to infinity since 
1,(p)(si) = 1 for infinitely many i. For small k the numerator and the 
denominator can be equal to 0 and then, to avoid all misunderstanding, it 
is convenient to assume that the indefinite value 0/0 is equal to —oo.) 


Upm(p) = lim sup (1.21) 


k 


Suppose that for all states s, 
e w(s) = 1 and 
e r(s) is 0 if (s) is even, and r(s) is 1 if m(s) is odd. 


Then the payoff obtained by player 1 for any play p is either 1 if (p) is odd, 
or 0 if z(p) is even. If we interpret the payoff 1 as the victory of player 1, and 
payoff 0 as his defeat then such a game is just the usual parity game [5, 11]. 


It turns out that 


Theorem 4.1. For any arena A the priority mean-payoff game (A, upm) 
admits optimal positional strategies for both players. 


Limits of multi-discounted games 341 


There are many possible ways to prove Theorem 4.1, for example by 
adapting the proofs of positionality of mean payoff games from [4] and [1] 
or by verifying that upm satisfies sufficient positionality conditions given in 
[7]. Below we give a complete proof based mainly on ideas from [7, 20]. 

A payoff mapping is said to be prefix independent if for each play p 
and for each factorization p = xy with x finite we have u(p) = u(y), ie. 
the payoff does not depend on finite prefixes of a play. The reader can 
readily persuade herself that the priority mean payoff mapping Upm is prefix 
independent. 


Lemma 4.2. Let u be a prefix-independent payoff mapping such that both 
players have optimal positional strategies o? and r# in the game (A, u). Let 
val(s) = p(s,o4,r*), s € S, be the game value for an initial state s. 


For any action (s,t) € A, 


(1) if s € Sı then val(s) > val(t), 
(2) if s € S2 then val(s) < val(¢), 
(3) if s € Sı and oË(s) = t then val(s) = val(t), 
(4) if s € S2 and r#(s) = t then val(s) = val(t). 


Proof. (1). This is quite obvious. If s € S1, (s,t) € A and val(s) < val(t) 
then for a play starting at s player 1 could secure for himself at least val(t) by 
executing first the action (s,¢) and next playing with his optimal strategy. 
But this contradicts the definition of val(s) since from s player 2 has a 
strategy that limits his losses to val(s). 

The proof of (2) is obviously similar. 

(3). We know by (1) that if s € Sı and o#(s) = t then val(s) > val(t). This 
inequality cannot be strict since from t player 2 can play in such a way that 
his loss does not exceed val(t). 


(4) is dual to (1). Q.E.D. 


Proof of Theorem 4.1. We define the size of an arena A to be the difference 
|A| — |.S| of the number of actions and the number of states and we carry 
the proof by induction on the size of A. Note that since for each state there 
is at least one available action the size of each arena is > 0. 

If for each state there is only one available action then the number 
of actions is equal to the number of states, the size of A is 0, and each 
player has just one possible strategy, both these strategies are positional 
and, obviously, optimal. 

Suppose that both players have optimal positional strategies for arenas 
of size < k and let A be of size k, k > 1. 
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Then there exists a state with at least two available actions. Let us fix 
such a state t, we call it the pivot. We assume that t is controlled by player 1 


he Si (1.22) 


(the case when it is controlled by player 2 is symmetric). 

Let A(t) = Ar (t)UAR(t) bea partition of the set A(t) of actions available 
at t onto two disjoint non-empty sets. Let Az and Apr be two arenas, we 
call them left and right arenas, both of them having the same states as 
A, the same reward, weight and priority mappings and the same available 
actions for all states different from t. For the pivot state t, Az, and Ar 
have respectively A, (t) and Ap(t) as the sets of available actions. Thus, 
since Ay; and Ap have less actions than A, their size is smaller than the 
size of A and, by induction hypothesis, both players have optimal positional 
strategies: (oË, TË) on Az and (o, TË) on Apr. 

We set valz (s) = Upm(p(s, o}, TË)) and valg(s) = Upm(p(s, 0%, T$)) to 
be the values of a state s respectively in the left and the right arena. 

Without loss of generality we can assume that for the pivot state t 


valz (t) < valr(t) . (1.23) 
We show that this implies that 
for all s€ S,  valz(s) < valp(s) . (1.24) 
Suppose the contrary, i.e. that the set 
X = {s € S | valz (s) > valp(s)} 
is non-empty. We define a positional strategy o* for player 1 
oH) Te ng. | 8 


Note that, since the pivot state t does not belong to X, for s e X A $, 
o$ (s) is valid action for player 1 not only in Az but also in Apr, therefore 


the strategy o* defined above is a valid positional strategy on the arena Ap. 
We claim that 
For games on Ap starting at a state so € X strategy o* guarantees that 
player 1 wins at least valz (so) (against any strategy of player 2). 
(1.26) 


Suppose that we start a game on Ag at a state sg and player 1 plays 
according to o* while player 2 uses any strategy T. Let 


p(S0,0",T) = 505152... (1.27) 
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be the resulting play. We define 


l fi X 
for alls € S, val(s) = a Aa (1.28) 
valg(s) forse S\ X. 
We shall show that the sequence val(so), val(s1), val(s2),... is nondecreas- 
ing, 
for all i, val(s;) < val(si41) . (1.29) 


Since strategies of and at, are optimal in Az, and Apr, Lemma 4.2 and 
(1.28) imply that for all i 


val(s;) = valz (si) < valz(si41) ifs; © X, (1.30) 
and 
val(s;) = valr(si) < valr(si+ı1) if s; E€ S\ X. (1.31) 


To prove (1.29) there are four cases to examine: 


(1) Suppose that s; and s;41 belong to X. Then val(s;+1) = valz (si+ı1) and 
(1.29) follows from (1.30). 


(2) Suppose that s; and s;41 belong to S\ X. Then val(si}1) = valg (si+1) 
and now (1.29) follows from (1.31). 


(3) Let s; € X and s;4, € S\ X. Then (1.29) follows from (1.30) and from 
the fact that valz (si+1) < vale(si41) = val(sj+1). 


(4) Let s; € S\X and s;4; E€ X. Then valg(si+1) < valz (si+1) = val(s;41), 
which, by (1.31), implies (1.29). Note that in this case we have the strict 
inequality val(s;) < val(s;+1). 


This finishes the proof of (1.29). 


Since the set {val(s) | s € S} is finite, (1.29) implies that the sequence 
val(s;),2 = 0,1,..., is ultimately constant. But examining the case (4) 
above we have established that each passage from § \ X to X strictly in- 
creases the value of val. Thus from some stage n onward all states s;, i > n, 
are either in X or in S \ X. Therefore, according to (1.25), from the stage 
n onward player 1 always plays either of or at, and the optimality of both 
strategies assures that he wins at least val(s,,), i.e. 


Upm(P(So; o*,T)) = Upm(S081 is .) = 


Upm(Sn$n4+1$n42---) > val(sn) > val(so). 
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In particular, if sọ € X then using strategy o* player 1 secures for himself 
the payoff of at least val(so) = valz(so) against any strategy of player 
2, which proves (1.26). On the other hand, the optimality of Th implies 
that player 2 can limit his losses to valg(so) by using strategy r$. But how 
player 1 can win at least valz (so) while player 2 loses no more than valg(so) 
if valz (so) > valg(so) for so € X? We conclude that the set X is empty 
and (1.24) holds. 

Now our aim is to prove that (1.23) implies that the strategy ot, is 
optimal for player 1 not only in Ag but also for games on the arena A. 
Clearly player 1 can secure for himself the payoff of at least valg(s) by 
playing according to oh on A. We should show that he cannot do better. 
To this end we exhibit a strategy 7Ë for player 2 that limits the losses of 
player 2 to valg(s) on the arena A. 

At each stage player 2 will use either his positional strategy TË optimal 
in Az or strategy TË optimal in Apr. However, in general neither of these 
strategies is optimal for him in A and thus it is not a good idea for him 
to stick to one of these strategies permanently, he should rather adapt his 
strategy to the moves of his adversary. To implement the strategy 7* player 
2 will need one bit of memory (the strategy Të we construct here is not 
positional). He uses this memory to remember if at the last passage through 
the pivot state t player 1 took an action of Az(t) or an action of Ar(t). In 
the former case player 2 plays using the strategy TË, in the latter case he 
plays using the strategy Th. In the periods between two passages through 
t player 2 does not change his strategy, he sticks either to rt or to Th, 
he switches from one of these strategies to the other only when compelled 
by the action taken by player 1 during the last visit at the pivot state. 
It remains to specify which strategy player 2 uses until the first passage 
through t and we assume that it is the strategy Th. 

Let so € S be an initial state and let o be some, not necessarily posi- 
tional, strategy of 1 for playing on A. Let 


P(50, 0, T*) = 808182... (1.32) 
be the resulting play. Our aim is to show that 


upm(p(s0, 0, T*)) < valr(so) - (1.33) 


5 Note the intuition behind the strategy rË: If at the last passage through the pivot 
state t player 1 took an action of Az (t) then, at least until the next visit to t, the play 
is like the one in the game Aç (all actions taken by the players are actions of Az) 
and then it seems reasonable for player 2 to respond with his optimal strategy on Az. 
On the other hand, if at the last passage through t player 1 took an action of Ap(t) 
then from this moment onward until the next visit to t we play like in Apr and then 
player 2 will respond with his optimal strategy on Apr. 
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If p(so,0,7*) never goes through t then p(so,¢,7*) is in fact a play in Ar 
consistent with rh which immediately implies (1.33). 

Suppose now that p(so, g, T?) goes through t and let k be the first stage 
such that są = t. Then the initial history s9s1...s5, is consistent with Th 
which, by Lemma 4.2, implies that 


valg(t) < valr(so) . (1.34) 


If there exists a stage n such that s„ = t and player 2 does not change 


his strategy after this stage®, i.e. he plays from the stage n onward either TË 


or rh then the suffix play SnSn+1 ... is consistent with one of these strate- 
gies implying that either Upm(SnSn41---) < valz(t) or Upm(SnSn41---) < 
valg(t). But upm(Sn$n41---) = Upm(p(so, 0, 7*)) and thus (1.34) and (1.23) 
imply (1.33). 

The last case to consider is when player 2 switches infinitely often be- 
tween rh and TË, 

In the sequel we say that a non-empty sequence of states z contains only 
actions of Ap if for each factorization z = z's's”z” with s’, s” € S, (s', s”) 
is an action of Ar. (Obviously, there is in a similar definition for Az.) 

Since now we consider the case when the play p(so, c, TË) contains in- 
finitely many actions of A;(t) and infinitely many actions of Ar(t) there 
exists a unique infinite factorization 


p(s0, 9, TË) = 101112973... , (1.35) 
such that 
e each x;, i > 1, is non-empty and begins with the pivot state t, 
e each path xg;t, i = 0,1,2,... contains only actions of Ag while 
e each path x2;11¢ contains only actions of Az. 


(Intuitively, we have factorized the play p(so, o, T*) according to the strategy 
used by player 2.) 


Let us note that the conditions above imply that 
TR=Cer4re... and wy = T135... . (1.36) 


are infinite paths respectively in Ag and Ay. 
Moreover, £p is a play consistent with rh while ry is consistent with TË. 
By optimality of strategies Th, TË, 


Upm(@R) < valg(t) and upm(zz) < valz(t) . (1:37) 


6 In particular this happens if p(so, ø, TË) goes finitely often through t. 
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It is easy to see that path priorities satisfy t(xp) > m(p(so,0,7%)) and 
n(£L) > 1(p(so,0,7*)) and at most one of these inequalities is strict. 

(1) If (£r) > 1(p(so,0,7*)) and m(x) = m(p(so,0,T*)) then there ex- 
ists m such that all states in the suffix ®am%am42T2m+4... Of wR have 
priorities greater than 7(p(so,0,7*)) and do not contribute to the payoff 
Upm(LImLIm4+1LIm4+202M+43 ose ;): 


This and the prefix-independence property of upm imply 


Upm(p(So, oO; TË)) = Upm(LImLIm41LIm+20IM+3 . .) = 


Upm(Lam4+1Lam-+3 oa 3) = Upm (27) < valz (so) < valg(so), 


where the first inequality follows from the fact that xz is consistent with 
the optimal strategy TË. 

(2) If a(z) > t(p(s0,0,T?)) and a(x) = T(p(s0,0,T?)) then we get in a 
similar way Upm(p(S0,9,7*)) = Upm(@R) < valr(so). 

(3) Let a = r(x) = 7(p(s0,0,T*)) = r(x). For a sequence toti... tı of 
states we define 


and 


Ga(to...t)) = 2 La(ti) - w(ti), 


where 1, is defined in (1.20). Thus for an infinite path p, upm(p) = 
lim sup; Fa(pi)/Ga(pi), where p; is the prefix of length i of p. 

Take any £ > 0. Eq. (1.37) implies that for all sufficiently long prefixes 
yL of zL, FalyL)/GalyL) < valz (t) +€ < valr(t) + £ and similarly for all 
sufficiently long prefixes yr of £r, Falyr)/Galyr) < valr(t) +e. Then we 


also have 
Falyr) + Falyr) 
Ga(yr) + Ga(yz) 


If y is a proper prefix of the infinite path 2,243... then 


<vala(t) +e. (1.38) 


Pe hood 
Y = TIT2 . . . C2i—1T2iT2i+1 > 


Limits of multi-discounted games 347 


where 
e either z3; is a prefix of x2; and x},,, is empty or 
© ©; = T; and Thi; is a prefix of rai41 


(and z; are as in factorization (1.35)). Then yr = £224 . . . £h; is a prefix of 
zr while yz = z123.. E4120 9444 is a prefix of xz. If the length of y tends 
to oo then the lengths of yr and yz tend to co. Since Galy) = Ga(yr) + 
Ga(yz) and Faly) = Fu(yr)+Ga(yz) Eq. (1.38) implies that Ga(y)/Fu(y) < 
valr(t) +£. Since the last inequality holds for all sufficiently long finite 


prefixes of 212223... we get that upm(p(so, G, rH)) = Upm(%1%2%3...) < 
valp(so) +£. As this is true for all e > 0 we have in fact upm(p(so,0,7*)) < 
valg(so). 


This finishes the proof that if player 2 plays according to strategy 7’ 
then his losses do not extend valp(so). 

We can conclude that strategies ot, and TË are optimal on A and for 
each initial state s the value of a game on A is the same as in Apr. 

Note however that while player 1 can use his optimal positional strategy 
oh to play optimally on A the situation is more complicated for player 2. 
The optimal strategy that we have constructed for him is not positional and 
certainly if we pick some of his optimal positional strategies on Apr then we 
cannot guarantee that it will remain optimal on A. 


To obtain an optimal positional strategy for player 2 we proceed as follows: 


If for each state s € Sy controlled by player 2 there is only one available 
action then player 2 has only one strategy (rË = rt), Thus in this case 


player 2 needs no memory. 


If there exists a state t € S2 with at least two available actions then we 
take this state as the pivot and by the same reasoning as previously we find 
a pair of optimal strategies (a*, 7#) such that T? is positional while o* may 
need one bit of memory to be implemented. 

By exchangeability property of optimal strategies we can conclude that 
(at, TË) is a couple of optimal positional strategies. Q.E.D. 


5 Blackwell optimality 


Let us return to discounted games. In this section we examine what happens 
if, for all states s, the discount factors A(s) tend to 1 or, equivalently, the 
stopping probabilites tend to 0. 

When all discount factors are equal and tend to 1 with the same rate 
then the value of discounted game tends to the value of a simple mean-payoff 
game, this is a classical result examined extensively by many authors in the 
context of stochastic games, see [6] and the references therein. 
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What happens however if discount factors tend to 1 with different rates 
for different states? To examine this limit we assume in the sequel that 
arenas for discounted games are equipped not only with a reward mapping 
r: S — R but also with a priority mapping m : S — Z, and a weight 
mapping w : S —> (0,1), exactly as for priority mean-payoff games of 
Section 4. 

Let us take 8 € (0,1] and assume that the stopping probability of each 
state s is equal to w(s)G7), i.e. the discount factor is 


A(s) = 1 — w(s)67 . (1.39) 


Note that with these discount factors, for two states s and s’, 7(s) < 1(s’) 
iff 1 — A(s’) = o(1 — A(s)) for 8 | 0. 

If (1.39) holds then the payoff mapping (1.9) can be rewritten in the 
following way, for a play p = s981S2..., 


up(p) = YOC — w(so) 8")... (1 = w(s¢1) B79) 3") w(55)r(si) 
i=0 
(1.40) 
Let us fix a finite arena A. Obviously, it depends on the parameter 8 
which positional strategies are optimal in the games with payoff (1.40). It 
is remarkable that for @ sufficiently close to 0 the optimality of positional 
strategies does not depend on 8 any more. This phenomenon was discov- 
ered, in the framework of Markov decision processes, by David Blackwell [2] 
and is now known under the name of Blackwell optimality. 
We shall say that positional strategies (o#,r#) € = x T are G-optimal if 
they are optimal in the discounted game (A, ug). 


Definition 5.1. Strategies (ot, T?) € © xT are Blackwell optimal in a game 
(A, ug) if they are G-optimal for all 8 in an interval 0 < 6 < Bo for some 
constant 8o > 0 (Bo depends on the arena A). 


Theorem 5.2. 


(a) For each arena A there exists 0 < Bo < 1 such that if ot, T? are G-optimal 
positional strategies for players 1 and 2 for some 8 € (0, 39) then they 
are Z-optimal for all 8 € (0, Go), i.e. they are Blackwell optimal. 


(b) If o#,7# are positional Blackwell optimal strategies then they are also 
optimal for the priority mean-payoff game (A, upm). 


(c) For each state s, limg)o val( A, s, ug) = val(A, S, upm), where val(A, s, ug) 
and val(A, S, upm) are the values of, respectively, the 6-discounted game 
and the priority mean-payoff game. 
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The remaining part of this section is devoted to the proof of Theorem 5.2. 


Lemma 5.3. Let p be an ultimately periodic infinite sequence of states. 
Then ug(p) is a rational function’ of 8 and 


lim ua(p) = upm(P) - (1.41) 


Proof. First of all we need to extend the definition (1.40) to finite sequences 
of states, if £ = sos, . . . Sı then Upm(z) is defined like in (1.40) but with the 
sum taken from 0 to l. 

Let p = xy” be an ultimately periodic sequence of states, where x, y are 
finite sequences of states, y non-empty. Directly from (1.40) we obtain that, 
for £ = S80... Sq, 


ug(p) = up(£) + (1 — w(so) 67)... (1 — w(s1) 87 Jus(y®) . (1.42) 


For any polynomial f (8) = par a; the order® of f is the smallest j such 
that a; A 0. By definition the order of the zero polynomial is +00. 

Now note that ug(x) is just a polynomial of 8 of order strictly greater 
than 0, which implies that limgjoug(z) = 0. Thus limgjoug(p) = 
limg jo ug(y”). On the other hand, upm(p) = Uupm(y”). Therefore it suf- 
fices to prove that 


i “y = ton (y”) = 1.4 
lim u(y) = upm(y") (1.43) 
Suppose that y = tot, ... tk, ti € S. Then 
ua(y”) = ualy) XCI — w(to) 67%) (1 — w(te) 67 = 
i=0 


ugly) 
T— (1 wto) 0- (1 wtp) (1.44) 


Let a = min{r(t;)| 0 < i < k} be the priority of y, L= {1| 0 <1< 
k and z(t,) = a}. Now it suffices to observe that the right hand side of 
(1.44) can be rewritten as 
age) = Erer VDB + 18) 
Diet wt) +g) ’ 


where f and g are polynomials of order greater than a. Therefore 


tı)r(t 
lim ug(y”) = Her Ldr) (1.45) 
B10 aD) 
However, the right hand side of (1.45) is the value of Upm(y”). Q.E.D. 


T The quotient of two polynomials. 
8 Not to be confounded with the degre of f which is te greatest j such that a; #0. 
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Proof of Theorem 5.2. The proof of condition (a) given below follows very 
closely the one given in [13] for Markov decision processes. 

Take a sequence (Bn), Bn € (0,1], such that lim,+. Bn = 0. Since 
for each ,, there is at least one pair of 3,,-optimal positional strategies and 
there are only finitely many positional strategies for a finite arena A, passing 
to a subsequence of (Bn) if necessary, we can assume that there exists a pair 
of positional strategies (ot, r”) that are 3,-optimal for all Bn. 

We claim that there exists 3) > 0 such that (o*,7*) are 3-optimal for 
all 0 < B < po. 

Suppose the contrary. Then there exists a state s and a sequence (Ym), 
Ym E (0,1], such that lim... %m = 0 and, for each m, either o or TË is 
not Ym-optimal. Therefore, for each m, 


(i) either player 1 has a strategy ož, such that 

ty, (p(s, 0", TË)) < uy, (p(s, 0%,,T")), 
(ii) or player 2 has a strategy 7, such that 

tam (PCS, 0%, Tm)) < tym (PCs, 0°, 78). 


Due to Lemma 2.2, all the strategies ož, and 77, can be chosen to be po- 
sitional and since the number of positional strategies is finite, taking a 
subsequence of (Ym ) if necessary, we can assume that 


(1) either there exist a state s, a positional strategy o* € Xp and a sequence 
(Ym), Ym | 0, such that 


ug(p(s, o%,7*)) < ug(p(s,0*,T*)) for all 6 = 1, 72,--- ’ (1.46) 


(2) or there exist a state s, a positional strategy 7* € J, and a sequence 
(Ym), Ym l 0, such that 


ue(p(s,o%,7*)) < ug(p(s,of,T*)) for all @=~1,72,.-.. (1.47) 


Suppose that (1.46) holds. 
The choice of (at, 7#) guarantees that 


ug(pls,o*,T*)) < ua(p(s, o*,7*)) for all 6 = Bi, Paperi (1.48) 
Consider the function 


f(2) = ug(p(s,0*,7*)) — ua (p(s, ot, r#)), (1.49) 
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By Lemma 5.3, for 0 < 8 < 1, f(8) is a rational function of 3. But from 
(1.46) and (1.48) we can deduce that when @ tends to 0 then f(8) < 0 
infinitely often and f() > 0 infinitely often. This is possible for a ratio- 
nal function f only if this function is identicaly equal to 0, contradicting 
(1.46). In a similar way we can prove that (1.47) entails a contradiction. 
We conclude that o# and 7Ë are Blackwell optimal. 

To prove condition (b) of Theorem 5.2 suppose the contrary, i.e. that 
there are positional Blackwell optimal strategies (o*, r*) that are not optimal 
for the priority mean-payoff game. This means that there exists a state s 
such that either 


Upm(p(s, a", T*)) < upm(p(s, 0,7") (1.50) 
for some strategy o of player 1 or 
Upm(p(s,*,7)) < upm(p(s, o*, 7*)) (1.51) 


for some strategy 7 of player 2. Since priority mean-payoff games have 
optimal positional strategies, by Lemma 2.2, we can assume without loss 
of generality that o and 7 are positional. Suppose that (1.50) holds. As 
o,a',7* are positional the plays p(s,a4,r#) and p(s,o,7T*) are ultimately 
periodic, by Lemma 5.3, we get 


lim ua(p(s,04,74)) = tpm (p(s, 08, 74)) 
(1.52) 


< Upm(p(s, 7, T?)) = Ha uglp(s,0, ry). 


However, inequality (1.52) implies that there exists 0 < 8o such that 
for all B < bo, ug(p(s, o%,7*)) < ua(p(s, a, T*)) : 


in contradiction with the Blackwell optimality of (o*,7*). Similar reasoning 
shows that also (1.51) contradicts the Blackwell optimality of (o#,r#). i 
This also shows that 


lim val(A, s, ug) = lim ug(p(s, o* , T*)) = upm(p(s, o*, 74)) = val(A, s, upm), 
BLO BLO 
i.e., condition (c) of Theorem 5.2 holds as well. Q.E.D. 


Let us note that there is another known link between parity and dis- 
counted games: Jurdziński [14] has shown how parity games can be reduced 
to mean-payoff games and it is well-known that the value of mean-payoff 
games is a limit of the value of discounted games, see [15] or [21] for the 
particular case of deterministic games. However, the reduction of [14] does 
not seem to extend to priority mean-payoff games and, more significantly, it 
also fails for perfect information stochastic games. Note also that [21] con- 
centrates only on value approximation and the issue of Blackwell optimality 
of strategies in not touched at all. 


352 H. Gimbert, W. Zielonka 


6 Final remarks 
6.1 Interpretation of infinite games 


In real life all systems have a finite life span: computer systems become 
obsolete, economic environment changes. Therefore it is reasonable to ask 
if infinite games are pertinent as models of such systems. This question is 
discussed for example in [18]. 

If there exists a family of payoff mappings un such that un : S” —» R 
is defined for paths of length n (n-stage payoff) and the payoff u(sos1...) 
for an infinite play is a limit of up,(sos1...$,—1) when the number of stages 
n tends to co then we can say that infinite games are just approximations 
of finite games where the length of the game is very large or not precisely 
known. This interpretation is quite reasonable for simple mean-payoff games 
for example, where the payoff for infinite plays is a limit of n stage mean- 
payoff. However such an interpretation fails for priority mean-payoff games 
and for parity games where no appropriate n-stage payoff mappings exist. 

However the stopping (or discounted) games offer another attractive 
probabilistic interpretation of priority mean-payoff games. For sufficiently 
small @ if we consider a stopping game with the stopping probabilities 
w(s)G7) for each state s then Theorem 5.2 states that optimal positional 
strategies for the stopping game are optimal for the priority mean-payoft 
game. Moreover, the value of the stopping game tends to the value of the 
priority mean-payoff game when 8 tends to 0. And the stopping game is 
a finite game but in a probabilistic rather than deterministic sense, such 
a game stops with probability 1. Thus we can interpret infinite priority 
mean-payoff games as an approximation of stopping games where the stop- 
ping probabilities are very small. We can also see that smaller priorities are 
more significant since the corresponding stopping probabilities are much 
greater: w(s)87) = o(w(t)6™™) if a(s) > x(t). 


6.2 Refining the notion of optimal strategies for priority 
mean-payoff games 

Optimal strategies for parity games (and generally for priority mean-payoff 

games) are under-selective. To illustrate this problem let us consider the 

game of Figure 6.2. 

For this game all strategies of player 1 guarantee him the payment 1. 
Suppose however that the left loop contains 21000000 states while the right 
loop only 3 states. Then, intuitively, it seems that the positional strategy 
choosing always the small right loop is much more advantageous for player 1 
than the positional strategy choosing always the big left loop. But with the 
traditional definition of optimality for parity games one strategy is as good 
as the other. 
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FIGURE 1. The left and the right loop contain one state, x and y respec- 
tively, with priority 2i + 1, all the other states have priority 2i. The weight 
of all states is 1. The reward for x and for y is 1 and O for all the other 
states. This game is in fact a parity (Biichi) game, player 1 gets payoff 1 if 
one of the states {x,y} is visited infinitely often and 0 otherwise. 


On the other hand, Blackwell optimality clearly distinguishes both strat- 
egies, the discounted payoff associated with the right loop is strictly greater 
than the payoff for the left loop. 

Let us note that under-selectiveness of simple mean-payoff games origi- 
nally motivated the introduction of the Blackwell’s optimality criterion [2]. 
Indeed, the infinite sequence of rewards 100,0,0,0,0,... gives, at the limit, 
the mean-payoff 0, the same as an infinite sequence of 0. However it is clear 
that we prefer to get once 100 even if it is followed by an infinite sequence 
of 0 than to get 0 all the time. 


6.3 Evaluating ĝo. 


Theorem 5.2 is purely existential and does not provide any evaluation of the 
constant 39 appearing there. However it is not difficult to give an elementary 
estimation for ĝo, at least for deterministic games considered in this paper. 
We do not do it here since the bound for o obtained this way does not 
seem to be particularly enlightening. 

The preceding subsection discussing the meaning of the Blackwell op- 
timality raises the question what is the complexity of finding Blackwell 
optimal strategies. This question remains open. Note that if we can find 
efficiently Blackwell optimal strategies then we can obviously find efficiently 
optimal strategies for priority mean-payoff games and, in particular, for par- 
ity games. But the existence of a polynomial time algorithm solving parity 
games is a well-known open problem. 
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Abstract 


Algorithmic meta theorems are algorithmic results that apply to 
whole families of combinatorial problems, instead of just specific prob- 
lems. These families are usually defined in terms of logic and graph 
theory. An archetypal algorithmic meta theorem is Courcelle’s The- 
orem [9], which states that all graph properties definable in monadic 
second-order logic can be decided in linear time on graphs of bounded 
tree width. 

This article is an introduction into the theory underlying such 
meta theorems and a survey of the most important results in this 
area. 


1 Introduction 


In 1990, Courcelle [9] proved a fundamental theorem stating that graph 
properties definable in monadic second-order logic can be decided in linear 
time on graphs of bounded tree width. This is the first in a series of algo- 
rithmic meta theorems. More recent examples of such meta theorems state 
that all first-order definable properties of planar graphs can be decided in 
linear time [42] and that all first-order definable optimisation problems on 
classes of graphs with excluded minors can be approximated in polynomial 
time to any given approximation ratio [19]. The term “meta theorem” refers 
to the fact that these results do not describe algorithms for specific prob- 
lems, but for whole families of problems, whose definition typically has a 
logical and a structural (usually graph theoretical) component. For exam- 
ple, Courcelle’s Theorem is about monadic second-order logic on graphs of 
bounded tree width. 


* I would like to thank Bruno Courcelle, Arnaud Durand, Sang-Il Oum, Stéphan 
Thomassé for patiently answering various questions I had while writing this survey. 
Thanks to Isolde Adler, Albert Atserias, Yijia Chen, Anuj Dawar, Reinhard Diestel, 
Jorg Flum, Magdalena Griiber, Stephan Kreutzer, Nicole Schweikardt for valuable 
comments on earlier drafts of the survey. 


Jörg Flum, Erich Grädel, Thomas Wilke (eds.). Logic and Automata: History and Perspec- 
tives. Texts in Logic and Games 2, Amsterdam University Press 2007, pp. 357—422. 
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This article is an introductory survey on algorithmic meta theorems. 
Why should we care about such theorems? First of all, they often provide 
a quick way to prove that a problem is solvable efficiently. For example, 
to show that the 3-colourability problem can be solved in linear time on 
graphs of bounded tree width, we observe that 3-colourability is a property 
of graphs definable in monadic second-order logic and apply Courcelle’s the- 
orem. Secondly, and more substantially, algorithmic meta theorems yield a 
better understanding of the scope of general algorithmic techniques and, in 
some sense, the limits of tractability. In particular, they clarify the interac- 
tions between logic and combinatorial structure, which is fundamental for 
computational complexity. 


The general form of algorithmic meta theorems is: 


All problems definable in a certain logic on a certain class of 
structures can be solved efficiently. 


Problems may be of different types, for example, they may be optimisation 
or counting problems, but in this article we mainly consider decision prob- 
lems. We briefly discuss other types of problems in Section 7.2. Efficient 
solvability may mean, for example, polynomial time solvability, linear or 
quadratic time solvability, or fixed-parameter tractability. We shall discuss 
this in detail in Section 2.3. Let us now focus on the two main ingredients 
of the meta theorems, logic and structure. 

The two logics that, so far, have been considered almost exclusively for 
meta theorems are first-order logic and monadic second-order logic. Tech- 
niques from logic underlying the theorems are Feferman-Vaught style com- 
position lemmas, automata theoretic techniques, and locality results such 
as Hanf’s Theorem and Gaifman’s Theorem. 

The structures in algorithmic meta theorems are usually defined by 
graph theoretic properties. Actually, to ease the presentation, the only 
structures we shall consider in this survey are graphs. Many of the meta 
theorems are tightly linked with graph minor theory. This deep theory, 
mainly developed by Robertson and Seymour in a long series of papers, 
describes the structure of graphs with excluded minors. It culminates in 
the graph minor theorem [75], which states that every class of graphs closed 
under taking minors can be characterised by a finite set of excluded mi- 
nors. The theory also has significant algorithmic consequences. Robertson 
and Seymour [73] proved that every class of graphs that is closed under 
taking minors can be recognised in cubic time. More recently, results from 
graph minor theory have been combined with algorithmic techniques that 
had originally been developed for planar graphs to obtain polynomial time 
approximation schemes and fixed parameter tractable algorithms for many 
standard optimisation problems on families of graphs with excluded mi- 
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nors. The methods developed in this context are also underlying the more 
advanced algorithmic meta theorems. 

There are some obvious similarities between algorithmic meta theorems 
and results from descriptive complexity theory, in particular such results 
from descriptive complexity theory that also involve restricted classes of 
graphs. As an example, consider the theorem stating that fixed-point logic 
with counting captures polynomial time on graphs of bounded tree width 
[49], that is, a property of graphs of bounded tree width is definable in fixed- 
point logic with counting if and only if it is decidable in polynomial time. 
Compare this to Courcelle’s Theorem. Despite the similarity, there are two 
crucial differences: On the one hand, Courcelle’s Theorem is weaker as it 
makes no completeness claim, that is, it does not state that all properties of 
graphs of bounded tree width that are decidable in linear time are definable 
in monadic second-order logic. On the other hand, Courcelle’s Theorem is 
stronger in its algorithmic content. Whereas it is very easy to show that all 
properties of graphs (not only graphs of bounded tree width) definable in 
fixed-point logic with counting are decidable in polynomial time, the proof 
of Courcelle’s theorem relies on substantial algorithmic ideas like the trans- 
lation of monadic second-order logic over trees into tree automata [80] and 
a linear time algorithm for computing tree decompositions [5]. In general, 
algorithmic meta theorems involve nontrivial algorithms, but do not state 
completeness, whereas in typical results from descriptive complexity, the 
algorithmic content is limited, and the nontrivial part is completeness. But 
there is no clear dividing line. Consider, for example, Papadimitriou and 
Yannakakis’s [66] well known result that all optimisation problems in the 
logically defined class MAXSNP have a constant factor approximation al- 
gorithm. This theorem does not state completeness, but technically it is 
much closer to Fagin’s Theorem [36], a central result of descriptive com- 
plexity theory, than to the algorithmic meta theorems considered here. In 
any case, both algorithmic meta theorems and descriptive complexity the- 
ory are branches of finite model theory, and there is no need to draw a line 
between them. 

When I wrote this survey, it was my goal to cover the developments up 
to the most recent and strongest results, which are concerned with monadic 
second-order logic on graphs of bounded rank width and with first-order 
logic on graphs with excluded minors. The proofs of most theorems are 
at least sketched, so that we hope that the reader will not only get an 
impression of the results, but also of the techniques involved in their proofs. 


2 The basics 


R, Q, Z, and N denote the sets of real numbers, rational numbers, integers, 
and natural numbers (that is, positive integers), respectively. For a set 
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S CR, by S>o we denote the set of nonnegative numbers in S. For integers 
m,n, by [m,n] we denote the interval {m,m + 1,...,n}, which is empty if 
n < m. Furthermore, we let [n] = [1,n]. The power set of a set S is denoted 
by 25, and the set of all k-element subsets of S by (2). 


2.1 Graphs 
A graph G is a pair (V(G), E(G)), where V(G) is a finite set whose ele- 
ments are called vertices and E(G) C (Y) is a set of unordered pairs 
of vertices, which are called edges. Hence graphs in this paper are always 
finite, undirected, and simple, where simple means that there are no loops 
or parallel edges. If e = {u,v} is an edge, we say that the vertices u 
and v are adjacent, and that both u and v are incident with e. A graph 
H is a subgraph of a graph G (we write H C G) if V(H) C V(G) and 
E(H) C E(G). If E(H) = E(G) NA (E), then H is an induced subgraph 
of G. For a set W C V(G), we write G[W] to denote the induced subgraph 
(W, E(G) n (Y) ) and G \ W to denote G[V(G) \ W]. For a set F C E, 
we let G|F] be the subgraph (U F, F). Here |J F denote the union of all 
edges in F, that is, the set of all vertices incident with at least one edge 
in F. We call G[F] the subgraph of G generated by F; note that it is not 
necessarily an induced subgraph of G. The union of two graphs G and H 
is the graph GU H = (V (G) U V(H), E(G) U E(H)), and the intersection 
GN H is defined similarly. The complement of a graph G = (V, E) is the 
graph G = (V, Œ) \ E). There is a unique empty graph (9,@). For n > 1, 
we let K, be the complete graph with n vertices. To be precise, let us say 
Ky = ([n], (2)). We let Kn,m be the complete bipartite graph with parts 
of size m,n, respectively. 

Occasionally, we consider (vertex) labelled graphs. A labelled graph is a 
tuple 

G = (V(G), E(G), Pi(G),..., Po(G)), 


where P;(G) C V(G) for all i € [¢]. The symbols P; are called labels, 
and if v € P;(G) we say that v is labelled by P;. Subgraphs, union, and 
intersection extend to labelled graphs in a straightforward manner. The 
underlying graph of a labelled graph G is (V(G), E(G)). Whenever we 
apply graph theoretic notions such as connectivity to labelled graphs, we 
refer to the underlying graph. 

The order |G| of a graph G is the number of vertices of G. We usually 
use the letter n to denote the order of a graph. The size of G is the number 
\|G|| = |G|+|E(G)|. Up to a constant factor, this is the size of the adjacency 
list representation of G under a uniform cost model. 

G denotes the class of all graphs. For every class C of graphs, we let 
Ci» be the class of all labelled graphs whose underlying graph is in C. A 
graph invariant is a mapping defined on the class G of all graphs that is 
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invariant under isomorphisms. All graph invariants considered in this paper 
are integer valued. For a graph invariant f : G — Z and a class C of graphs, 
we say that C has bounded f if there is a k € Z such that f(G) < k for all 
GEC. 

Let G = (V, E) be a graph. The degree deg? (v) of a vertex v € V is the 
number of edges incident with v. We omit the superscript © if G is clear 
from the context. The (maximum) degree of G is the number 


A(G) = max{deg(v) |v € V}. 


The minimum degree 6(G) is defined analogously, and the average degree 
d(G) is 2|E(G)|/|V(G)|. Observe that ||G|| = O(d(G) - |G|). Hence if a 
class C of graphs has bounded average degree, then the size of the graphs 
in C is linearly bounded in the order. In the following, “degree” of a graph, 
without qualifications, always means “maximum degree”. 

A path in G = (V, E) of length n > 0 from a vertex vo to a vertex Up, 
is a sequence vp,...,Un of distinct vertices such that {v;-1,v;} € E for all 
i € [n]. Note that the length of a path is the number of edges on the path. 
Two paths are disjoint if they have no vertex in common. G is connected if 
it is nonempty and for all v, w € V there is a path from v to w. A connected 
component of G is a maximal (with respect to C) connected subgraph. G is 
k-connected, for some k > 1, if |V| > k and for every W C V with |W] < k 
the graph G \ W is connected. 

A cycle in a graph G = (V, E) of length n > 3 is a sequence v1... Un of 
distinct vertices such that {vn,vi} € E and {vj_1, vi} € E for all i € [2, n]. 
A graph G is acyclic, or a forest, if it has no cycle. G is a tree if it is acyclic 
and connected. It will be a useful convention to call the vertices of trees 
nodes. A node of degree at most 1 is called a leaf. The set of all leaves of a 
tree T is denoted by L(T). Nodes that are not leaves are called inner nodes. 
A rooted tree is a triple T = (V(T), E(T),r(T)), where (V(T), E(T)) is a 
tree and r(T) € V(T) is a distinguished node called the root. A node t of 
a rooted tree T is the parent of a node u, and u is a child of t, if t is the 
predecessor of u on the unique path from the root r(T) to u. Two nodes 
that are children of the same parent are called siblings. A binary tree is a 
rooted tree T in which every node has either no children at all or exactly 
two children. 


2.2 Logic 


I assume that the reader has some background in logic and, in particular, 
is familiar with first-order predicate logic. To simplify matters, we only 
consider logics over (labelled) graphs, even though most results mentioned 
in this survey extend to more general structures. Let us briefly review the 
syntax and semantics of first-order logic FO and monadic second-order logic 
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MSO. We assume that we have an infinite supply of individual variables, 
usually denoted by the lowercase letters x, y, z, and an infinite supply of set 
variables, usually denoted by uppercase letters X, Y, Z. First-order formulas 
in the language of graphs are built up from atomic formulas E(x, y) and 
x = y by using the usual Boolean connectives — (negation), A (conjunction), 
v (disjunction), — (implication), and + (bi-implication) and existential 
quantification dx and universal quantification Vx over individual variables. 
Individual variables range over vertices of a graph. The atomic formula 
E(x, y) expresses adjacency, and the formula x = y expresses equality. From 
this, the semantics of first-order logic is defined in the obvious way. First- 
order formulas over labelled graphs may contain additional atomic formulas 
P,(x), meaning that x is labelled by P;. If a label P; does not appear in 
a labelled graph G, then we always interpret P;(G) as the empty set. In 
monadic second-order formulas, we have additional atomic formulas X(x) 
for set variables X and individual variables x, and we admit existential and 
universal quantification over set variables. Set variables are interpreted by 
sets of vertices, and the atomic formula X(x) means that the vertex x is 
contained in the set X. 

The free individual and set variables of a formula are defined in the 
usual way. A sentence is a formula without free variables. We write 


p(11,-.-,;Uk,X1,...,Xe) to indicate that y is a formula with free vari- 
ables among 21,...,2%, X1,...,X¢. We use this notation to conveniently 
denote substitutions and assignments to the variables. If Œ = (V,E) 


is a graph, v1,...,v, E V, and Wy,...,We C V, then we write G = 
p(v1,..-,;Up,W1,...,We) to denote that y(a1,...,@~,X1,..., Xe) holds in 
G if the variables x; are interpreted by the vertices v; and the variables X; 
are interpreted by the vertex sets W;. 

Occasionally, we consider monadic second-order formulas that contain no 
second-order quantifiers, but have free set variables. We view such formulas 
as first-order formulas, because free set variables are essentially the same 
as labels (unary relation symbols). An example of such a formula is the 
formula dom(X) in Example 2.1 below. We say that a formula y(X) is 
positive in X if X only occurs in the scope of an even number of negation 
symbols. It is negative in X if X only occurs in the scope of an odd number 
of relation symbols. We freely use abbreviations such as ae pi instead of 
(yi ^... Apk) and x  y instead of mx = y. 


Example 2.1. A dominating set in a graph G = (V, E) is a set S C V such 
that for every v € V, either v is in S or v is adjacent to a vertex in S. 
The following first-order sentence dom; says that a graph has a dominating 
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set of size k: 


k 
dom; = Sj . .. Jez ( \ a; # xj Yy V (y= zi V Bly, 2%))). 


1<i<j<k i=l 


The following formula dom(X) says that X is a dominating set: 


dom(X) = vy (X(y) V 32(X(z) A Elz, y))). 


More precisely, for every graph G and every subset S C V (G) it holds that 
G } dom(S) if and only if S is a dominating set of G. 


Example 2.2. The following monadic second-order sentences conn and 
acyc say that a graph is connected and acyclic, respectively: 


conn = Jz r =x ^ vX ( (z X (x) A VaVy((X(x) A E(2,y)) > X(y))) 


= veX(x)), 


acyc = =J X c X (x) AVx(X (2) 


> JyJy (yı # y2 A E(x, y1) A E(x, y2) A X (y1) A X(»)))): 


The sentence acyc is based on the simple fact that a graph has a cycle if 
and only if it has a nonempty induced subgraph in which every vertex has 
degree at least 2. Then the sentence tree = conn ^ acyc says that a graph 
is a tree. 


The quantifier rank of a first-order or monadic second-order formula ¢ is 
the nesting depth of quantifiers in y. For example, the quantifier rank of the 
formula acyc in Example 2.2 is 4. Let G be a graph and v = (v1,..., Uk) € 
V(G)*, for some nonnegative integer k. For every q > 0, the first-order q- 


type of v in G is the set tpřO(G, v) of all first-order formulas y(z1,..., £) of 
quantifier rank at most q such that G — y(v1,..., vx). The monadic second- 


order q-type of 0 in G, tpy'S°(G, 0) is defined analogously. As such, types 


are infinite sets, but we can syntactically normalise formulas in such a way 
that there are only finitely many normalised formulas of fixed quantifier rank 
and with a fixed set of free variables, and that every formula can effectively 
be transformed into an equivalent normalised formula of the same quantifier 
rank. We represent a type by the set of normalised formulas it contains. 
There is a fine line separating decidable and undecidable properties of types 
and formulas. For example, it is decidable whether a formula is contained 
in a type: We just normalise the formula and test if it is equal to one of 
the normalised formulas in the type. It is undecidable whether a set of 
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FIGURE 2.1. An illustration of Lemma 2.3 


normalised formulas actually is (more precisely: represents) a type. To 
see this, remember that types are satisfiable by definition and that the 
satisfiability of first-order formulas is undecidable. 

For a tuple v = (v1,..., Uk), we sloppily write {0} to denote the set 
{vui,...,vz}. It will always be clear from the context whether {0} refers 
to the set {v1,..., Uk} or the l-element set {(v1,...,vx)}. For tuples U = 
(v1,..., Uk) and w = (wi,...,we), we write tw to denote their concatena- 
tion (v1,..., Uk, W1,..., We). We shall heavily use the following “Feferman- 
Vaught style” composition lemma. 


Lemma 2.3. Let tp be one of tp’, tpMS°. Let G, H be labelled graphs 
and u € V(G)*, 0 € V(G)*, w € V(H)™ such that V(G) O V(H) = {a} (cf. 
Figure 2.1). Then for all q > 0, tp,(GUH, wow) is determined by tp,(G, wv) 
and tp,(H, uw). Furthermore, there is an algorithm that computes tp, (GU 
H, uvw) from tp,(G, uv) and tp, (H, uw). 


Let me sketch a proof of this lemma for first-order types. The version for 
monadic second-order types can be proved similarly, but is more complicated 
(see, for example, [58]). 


Proof sketch. Let G, H be labelled graphs and u € V(G)* such that V(G)N 
V(H) = {u}. By induction on y, we prove the following claim: 


Claim: Let y(%,%,Z) be a first-order formula of quantifier rank q, 
where Z is a k-tuple and y, Z are tuples of arbitrary length. Then there is a 
Boolean combination ©(%, 9, Z) of expressions G = w(Z,y) and H = x(Z, Z) 
for formulas w, x of quantifier rank at most q, such that for all tuples v of 
vertices of G and Ù of vertices of H of the appropriate lengths it holds that 


GUHE y(ū,0, 0) 4> (ù, v, 0). 


Here (u,v, w) denotes the statement obtained from ®(Z, y, Z) by substi- 
tuting ù for z, U for y, and w for Z. 


Furthermore, the construction of ® from y is effective. 


The claim holds for atomic formulas, because there are no edges from 
V(G) \ V(H) to V(A) \ V(G) in GU H. It obviously extends to Boolean 
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combinations of formulas. So suppose that y(%, 9,2) = Jzoy(z, zo, 9, Z). 
Let v,w be tuples in G, H of the appropriate lengths. By the induction 
hypothesis, there are V1(Z, Jyo, Z) and V2(Z, Y, Zz) such that 


GUE E (t,t, w) 
<=> Iwo € V (G) Y (ù, vvo, w) or Iwo E€ V(A) Vo(%, v, wwo). 


We may assume that Vj is of the form 


V (GE xil, Jyo) A H H & (2, 2). 


i=1 


Hence Jvo € V (G) Yı (ù, Vvo, w) is equivalent to 


VV Gv € V(G) G È x:(ā, vo) A H H &:(ā,0)). 


We let 1 = Vi, (G H Ayoxi(2, Jyo) A H F & (2, Z)). Similarly, we define 
a ® from Wo, and then we let ® = ®, V ®o. 
Clearly, the claim implies the statements of the lemma. Q.E.D. 


2.3 Algorithms and complexity 


I assume that the reader is familiar with the basics of the design and anal- 
ysis of algorithms. We shall make extensive use of the Oh-notation. For 
example, we shall denote the class of all polynomially bounded functions 
of one variable n by n°“. I also assume that the reader is familiar with 
standard complexity classes such as PTIME, NP, and PSPACE and with 
concepts such as reducibility between problems and hardness and complete- 
ness for complexity classes. If not specified otherwise, reductions are always 
polynomial time many-one reductions. The following example illustrates 
our notation for introducing algorithmic problems. 


Example 2.4. The dominating set problem is defined as follows: 


DOMINATING-SET 
Instance. A graph G and a natural number k 


Problem. Decide if G has a dominating set of size k 


It is well-known that DOMINATING-SET is NP-complete. 


We are mainly interested in algorithms for and the complexity of model 
checking problems. For every logic L and every class C of graphs, we let: 
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MC(L,C) 


Instance. A sentence y of L and a graph G EC 
Problem. Decide if G = y 


If C is the class of all graphs, we just write MC(L). 


Example 2.5. Example 2.1 shows that DOMINATING-SET is reducible to 
MC(FO). Hence MC(FO) is NP-hard. As MC(FO) is trivially reducible 
to MC(MSO), the latter is also NP-hard. 


Fact 2.6 (Vardi, [81]). MC(FO) and MC(MSO) are PSPACE-complete. 


This fact is often phrased as: “The combined complexity of FO resp. 
MSO is PSPACE-complete.” Combined complexity refers to both the sen- 
tence and the graph being part of the input of the model checking problem. 
Two principal ways of dealing with the hardness of model checking problems 
are restrictions of the logics and restrictions of the classes of input graphs. In 
this survey, we shall only consider restrictions of the classes of input graphs. 
As for restrictions of the logics, let me just mention that the model checking 
problem remains NP-hard even for the fragment of first-order logic whose 
formulas are the positive primitive formulas, that is, existentially quantified 
conjunctions of atomic formulas. On the other hand, the model checking 
problem is in polynomial time for the bounded variable fragments of first- 
order logic [82]. 

Unfortunately, restricting the class of input graphs does not seem to 
improve the complexity, because the hardness result in Fact 2.6 can be 
strengthened: Let G be any graph with at least two vertices. Then it is 
PSPACE-hard to decide whether a given FO-sentence y holds in the fixed 
graph G. Of course this implies the corresponding hardness result for MSO. 
Hence not only the combined complexity, but also the expression complexity 
of FO and MSO is PSPACE-complete. Expression complexity refers to the 
problem of deciding whether a given sentence holds in a fixed graph. The 
reason for the hardness result is that in graphs with at least two vertices we 
can take atoms of the form x = y to represent Boolean variables and use 
this to reduce the PSPACE-complete satisfiability problem for quantified 
Boolean formulas to the model checking problem. Let us explicitly state 
the following consequence of this hardness result, where we call a class of 
graphs nontrivial if it contains at least one graph with at least two vertices. 


Fact 2.7. For every nontrivial class C of graphs, the problems MC(FO,C) 
and MC(MSO,C) are PSPACE-hard. 


So what can we possibly gain by restricting the class of input graphs of 
our model checking problems? As there are no polynomial time algorithms 
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(unless PTIME = PSPACE) even for very simple classes C of input graphs, 
we have to relax our notion of “tractability”. A drastic way of doing this is 
to consider data complexity instead of combined complexity, that is, consider 
the complexity of evaluating a fixed sentence of the logic in a given graph. 
The following fact implies that the data complexity of FO is in PTIME: 


Fact 2.8. There is an algorithm that solves MC(FO) in time O(k? - n*), 
where n denotes the order of the input graph G and k the length of the 
input sentence y. 


Even though FO and MSO have the same combined complexity and the 
same expression complexity, the following example shows that the two logics 
differ in their data complexity: 


Example 2.9. It is easy to see that there is an MSO-formula 3-col saying 
that a graph is 3-colourable. As the 3-colourability problem is NP-complete, 
this shows that the data complexity of MSO is NP-hard. 


There are, however, nontrivial classes C of graphs such that the data 
complexity of MSO restricted to C is in PTIME. As we shall see later, an 
example of such a class is the class of all trees. Thus things are starting to 
get interesting. 

Still, while we have seen that polynomial combined complexity is too 
restrictive, polynomial data complexity may be too liberal as a notion of 
tractability. Recall from the introduction that this survey is about algo- 
rithmic meta theorems, that is, uniform tractability results for classes of 
algorithmic problems defined in terms of logic. Fact 2.8 implies such a meta 
theorem: Every graph property definable in first-order logic can be decided 
in polynomial time. A serious draw back of this result is that it does not 
bound the degrees of the polynomial running times of algorithms deciding 
first-order properties. An important justification for PTIME being a rea- 
sonable mathematical model of the class of “tractable” (that is, efficiently 
solvable) problems is that most problems solvable in polynomial time are 
actually solvable by algorithms whose running time is bounded by polyno- 
mials of low degree, usually not more than three. However, this is not the 
case for parameterized families of polynomial time definable problems such 
as the family of first-order definable graph properties, for which the degree 
of the polynomials is unbounded. Or more plainly, even for a property that 
is defined by a fairly short first-order sentence, say, of length k = 10, an 
algorithm deciding this property in time O(n'°) hardly qualifies as efficient. 
A much more useful meta theorem would state that first-order definable 
graph properties can be decided “uniformly” in polynomial time, that is, in 
time bounded by polynomials of a fixed degree. Unfortunately, such a the- 
orem does not seem to hold, at least not for first-order definable properties 
of the class of all graphs. 
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The appropriate framework for studying such questions is that of param- 
eterized complexity theory [28, 39, 63]. A parameterized problem is a pair 
(P,«), where P is a decision problem in the usual sense and « is a poly- 
nomial time computable mapping that associates a natural number, called 
the parameter, with each instance of P.! 

Here we are mainly interested in model checking problems parameterized 
by the length of the input formula. For a logic L and a class C of graphs, 
we let: 


p-MC(L,C) 
Instance. A sentence y of L and a graph G € C 


Parameter. || 
Problem. Decide if GE y 


A parameterized problem (P, x) is fixed-parameter tractable if there is an 
algorithm deciding whether an instance x is in P in time 


f(x(2)) - |al®, (2.1) 


for some computable function f and some constant c. We call an algorithm 
that achieves such a running time an fpt algorithm. Slightly imprecisely, we 
call f the parameter dependence of the algorithm and c the exponent. An 
fpt algorithm with exponent 1 is called a linear fpt algorithm. Similarly, 
fpt algorithms with exponents 2 and 3 are called quadratic and cubic. FPT 
denotes the class of all parameterized problems that are fixed-parameter 
tractable. 

Hence a parameterized model checking problem is fixed-parameter trac- 
table if and only if it is “uniformly” in polynomial time, in the sense dis- 
cussed above. (By requiring the function f bounding the running time to be 
computable, we impose a slightly stronger uniformity condition than above. 
This is inessential, but technically convenient.) 

Parameterized complexity theory is mainly concerned with the distinc- 
tion between running times like O(2"-n) (fpt) and O(n*) (not fpt). Running 
times of the latter type yield the parameterized complexity class XP. Intu- 
itively, a problem is in XP if it can be solved by an algorithm whose running 
time is polynomial for fixed parameter values. Formally, XP is the class of 
all parameterized problems that can be decided in time 


O(a), 


1 At some places in this paper (the first time in Remark 3.19) we are dealing with “pa- 
rameterized problems” where the parameterization is not polynomial time computable. 
Whenever this appears here, the parameterization is computable by an fpt algorithm 
(see below), and this is good enough for our purposes. The same issue is also discussed 
in Section 11.4 of [39]. 
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for some computable function f. Hence essentially, the parameterized model 
checking problem for a logic is in XP if and only if the data complexity of 
the logic is polynomial time. The class XP strictly contains FPT; this is an 
easy consequence of the time hierarchy theorem. 

There is an appropriate notion of fpt reduction and a wide range of 
parameterized complexity classes between FPT and XP. 


Example 2.10. A clique in a graph is the vertex set of a complete sub- 
graph. The parameterized clique problem is defined as follows: 


p-CLIQUE 
Instance. A graph G and a natural number k 


Parameter. k 
Problem. Decide if G has a clique of size k 


It is easy to see that p-CLIQUE € XP. It can be proved that p-CLIQUE 
is complete for the parameterized complexity class W[1] under fpt reduc- 
tions [27]. 


Example 2.11. The parameterized dominating set problem is defined as 
follows: 


p-DOMINATING-SET 
Instance. A graph G and a natural number k 


Parameter. k 
Problem. Decide if G has a dominating set of size k 


It is easy to see that p-DOMINATING-SET € XP. It can be proved that p- 
DOMINATING-SET is complete for the parameterized complexity class W[2] 
under fpt reductions [26]. 


The parameterized complexity classes W[1] and W[2] form the first two 
levels of the so-called W-hierarchy of classes between FPT and XP. Yet 
another parameterized complexity class, located between the W-hierarchy 
and XP, is called AW|*]. Thus we have 


FPT C W[1] c W[2] c W[3] € --- C AW[x] C XP. 


It is conjectured that all containments between the classes are strict. 


Fact 2.12 (Downey-Fellows-Taylor, [29]). p-MC(FO) is AW[x]-complete 
under fpt reductions. 
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Observe that by Example 2.9, p-MC(MSO) is not even in XP unless 
PTIME = NP. 


This concludes our brief introduction to parameterized complexity the- 
ory. For proofs of all results mentioned in this section, I refer the reader to 
[39]. 


3  Monadic second-order logic on tree-like classes of 
graphs 

The model checking problem for monadic second-order logic turns out to be 
tractable on trees and graph classes that are sufficiently similar to trees. A 
well-known measure for the similarity of a graph with a tree is tree width. 
In this article, however, we shall work with branch width instead. The tree 
width and branch width of a graph are the same up to a factor of 3/2, so the 
results are essentially the same. Some of the results, including Courcelle’s 
theorem, may sound unfamiliar this way, but the reader can substitute 
“tree” for “branch” almost everywhere, and the results will remain true 
(up to constant factors, which we usually disregard anyway). Using branch 
width instead of tree width may make this article a bit more interesting for 
those who do not want to read the definition of tree width for the 100th 
time. However, the main reason for working with branch width is that it 
combines nicely with the other graph invariant that we shall study in this 
section, rank width. Indeed, both branch width and rank width of a graph 
are instances of the same abstract notion of branch width of a set function. 


3.1 Trees 


Let 7T denote the class of all trees. Recall that then Jj, denotes the class of 
labelled trees. 


Theorem 3.1 (Folklore). p-MC(MSO, T) is solvable by a linear fpt algo- 
rithm. 


We sketch two proofs of this theorem. Even though one may view them 
as “essentially the same”, the first is more natural from an algorithmic point 
of view, while the second will be easier to generalise later. 


First proof sketch. Using a standard encoding of arbitrary trees in binary 
trees via the “first-child/next-sibling” representation, we can reduce the 
model checking problem for monadic second-order logic on arbitrary la- 
belled trees to the model checking problem for monadic second-order logic 
on labelled binary trees. By a well-known theorem due to Thatcher and 
Wright [80], we can effectively associate a (deterministic) bottom-up tree 
automaton A, with every MSO-sentence y over binary trees such that a 
binary tree T satisfies y if and only if the automaton A, accepts T. By 
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simulating the run of A, on T, it can be checked in linear time whether A, 
accepts a tree T. Q.E.D. 


Second proof sketch. Again, we first reduce the model checking problem to 
binary trees. Let T be a labelled binary tree, and let y be a monadic 
second-order sentence, say, of quantifier rank q. For every t € V (T), let 
T; be the subtree of T rooted in t. Starting from the leaves, our algorithm 
computes tPsO (T, t) for every t € T, using Lemma 2.3. Then it decides if 
p € tp 5O(T, r) for the root r of T. Q.E.D. 


The fpt algorithms described in the two proofs of Theorem 3.1 are lin- 
ear in the size of the input trees. Clearly, this is optimal in terms of n 
(up to a constant factor). But what about the parameter dependence, that 
is, the function f in an fpt running time f(k)-n? Recall that a function 
f: N” — N is elementary if it can be formed from the successor function, 
addition, subtraction, and multiplication using composition, projections, 
bounded addition of the form X pcm g(m1,--.,k,£), and bounded multi- 
plication of the form [[,c,,, g(m1,..-, 7k, £). Let exp”) denote the h-fold 


exponentiation defined by exp (n) = n and exp (n) = gexe""(n) for all 
n,h € N. It is easy to see that exp”) is elementary for all h > 0 and that 
if a function f : N — N is elementary then there is an h > 0 such that 
f(n) < exp (n) for all n € N. It is well known that there is no elemen- 
tary function f such that the number of states of the smallest automaton 
Ay equivalent to an MSO-formula ¢ of length k is at most f(k). It fol- 
lows that the parameter dependence of our automata based fpt algorithm 
for p-MC(MSO,7T) is non-elementary. Similarly, the number of monadic 
second-order q-types is nonelementary in terms of q, and hence the type 
based fpt algorithm also has a nonelementary parameter dependence. But 
this does not rule out the existence of other fpt algorithms with a better 
parameter dependence. The following theorem shows that, under reason- 
able complexity theoretic assumptions, no such algorithms exist, not even 
for first-order model checking: 


Theorem 3.2 (Frick-Grohe, [43]). 


1. Unless PTIME = NP, there is no fpt algorithm for p-MC(MSO,7T) 
with an elementary parameter dependence. 


2. Unless FPT = W[1], there is no fpt algorithm for p-MC(FO,7) with 
an elementary parameter dependence. 


As almost all classes C of graphs we shall consider in the following con- 
tain the class 7 of trees, we have corresponding lower bounds for the model 
checking problems on these classes C. The only exception are classes of 
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graphs of bounded degree, but even for such classes, we have a triply expo- 
nential lower bound [43] (cf. Remark 4.13). 


3.2 Branch decompositions 


We first introduce branch decompositions in an abstract setting and then 
specialise them to graphs in two different ways. 


3.2.1 Abstract branch decompositions 

Let A be a nonempty finite set and « : 24 — R. In this context, the function 
k is often called a connectivity function. A branch decomposition of (A, &) 
is a pair (T, 3) consisting of a binary tree T and a bijection 6: L(T) > A. 
(Recall that L(T) denotes the set of leaves of a tree T.) We inductively 
define a mapping ĝ : V(T) — 24 by letting 


A(t) = ee if t is a leaf, 


B(t1) U 8(t2) if tis an inner node with children t4, t2. 
The width of the branch decomposition (T, «) is defined to be the number 
width(T, x) = max {(G(t)) |te V(T)}, 


and the branch width of (A,«), denoted by bw(A, x), is defined to be the 
minimum of the widths of all branch decompositions of (A,x). We ex- 
tend the definition of branch width to empty ground sets A by letting 
bw(@,«) = «(@) for all k : {Ø} — R. Note that (@,«) does not have 
a branch decomposition, because the empty graph, not being connected, is 
not a tree. 

Usually, the connectivity functions « considered for branch decomposi- 
tions are integer-valued, symmetric, and submodular. A function « : 24 = 
R is symmetric if k(B) = «(A \ B) for all B C A, and it is submodular if 


K(B) + «(C) > K(BUC)+«(BNC) (3.1) 
for all B,C C A. 


Example 3.3. Let A C R” be finite. For every B C A, let r(B) be the 
dimension of the linear subspace of R” generated by B, or equivalently, the 
rank of the matrix with column vectors B (defined to be 0 if B = @). Define 
Klin : 24 >Z by 


Kiin(B) = r(B)+r(A\B)-r(A). 


Klin Measures the dimension of the intersection of the subspace generated 
by B and the subspace generated by A \ B. It is easy to see that Klin is 
symmetric and submodular. 
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FIGURE 3.1. Two branch decompositions of (A, Kin) from Example 3.3 
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Figure 3.1 shows two branch decompositions of (A, Kin). I leave it as an 
exercise for the reader to verify that the first decomposition has width 1 and 
the second has width 2. Observe that bw(A, Kiin) = 1, because every branch 
decomposition (T, 3) of (A, Kin) has a leaf t € L(T) with @(t) = (1,1,1,1)7, 
and we have «yin({(1,1,1,1)7}) =1. 


Example 3.4. Again, let A C R”. Now, for B C A let d(B) be the 
dimension of the affine subspace of R” spanned by B (defined to be —1 if 
B = æ), and let 


east(B) = d(B) + d(A\ B) — d(A). 


It is not hard to prove that kag is also symmetric and submodular. 
Figure 3.2 shows an example of a set A = {a,b,c,d,e, f,g,h} C R? and 
a branch decomposition of (A, Kas) of width 1. 
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FIGURE 3.2. A set of A of eight points in the plane and a branch decom- 
position of (A, kag) of width 1 


Example 3.5. The previous two examples have a common generalisation, 
which is known as the branch width of matroids.?2 Let M be a matroid with 
base set A and rank function rm. Then the function « : 24 — Z defined by 


ku (B) = ru(B) + ru(A \ B) — rm(A) 


is known as the connectivity function of the matroid.3 Obviously, km is 
symmetric, and as the rank function rm is submodular, km is also submod- 
ular. 


Before we return to graphs, let us state a very general algorithmic re- 
sult, which shows that approximately optimal branch decompositions can 
be computed by an fpt algorithm. The proof of this theorem is beyond 
the scope of this survey. It is based on a deep algorithm for minimizing 
submodular functions due to Iwata, Fleischer, and Fujishige [52]. 

When talking about algorithms for branch decompositions, we have to 
think about how the input of these algorithms is specified. Let A be a 
class of pairs (A,«), where K : 24 — Z is symmetric and submodular and 
takes only nonnegative values. We call A a tractable class of connectivity 
functions, if we have a representation of the pairs (A,«) € A such that, 


2 Readers who do not know anything about matroids should not worry. This example 
is the only place in this survey where they appear. 

3 Often, the connectivity function is defined by xm (B) = rm (B)+r m (A\B)—rm (A)+1, 
but this difference is inessential here. 
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given the representation of (A,«), the ground set A can be computed in 
polynomial time, and for every B C A, the value «(B) can be computed in 
polynomial time. 

For example, if A is the class of pairs (A, Kiin), where A is a finite set 
of vectors over some finite field or the field of rationals and klin is the 
linear connectivity function, then we can represent a pair (A, Klin) simply 
by a matrix whose columns are the vectors in A. For the graph based 
examples that we shall describe next, the underlying graph is always used 
as a representation. 


Theorem 3.6 (Oum-Seymour, [65]). Let A be a tractable class of connec- 
tivity functions. Then there is an fpt algorithm that, given (A, k) € A and 
a parameter k € N, computes a branch decomposition of (A, x) of width at 
most 3k if bw(A,«) < k. If bw(A,«) > k, the algorithm may still compute 
a branch decomposition of (A, «) of width at most 3k, or it may simply halt 
without an output.* 


3.2.2 Branch decompositions of graphs 

Let G = (V, E) be a graph. For a set F C E, we define the boundary of 
F to be the set OF of all vertices of G incident both with an edge in F 
and with an edge in E \ F. We define a function kg : 2” > Z by letting 
kG(F) = |OF| for every F C E. It is not hard to verify that kg is symmetric 
and submodular. A branch decomposition of G is a branch decomposition of 
(E, ka), and the branch width bw(G) of G is the branch width of (E, ka). 


Example 3.7. Figure 3.3 shows an example of a graph and branch decom- 
position of this graph of width 5. 


Example 3.8 (Robertson-Seymour, [72]). For every n > 3, the complete 
graph Kn on n-vertices has branch width [2n/3]. 

We omit the proof of the lower bound. For the upper bound, we partition 
the vertex set of Kn into three parts V1, V2, V3 of size [n/3] or |n/3], and 
we partition the edge set into three sets E12, E23, £13 such that edges in Fj; 
are only incident with vertices in V; UV;. Then we take arbitrary branch 
decompositions of the three subgraphs Gi; = (V; U Vj, Eij) and join them 
together as indicated in Figure 3.4. 


Note that the construction of the previous example actually shows that 
every n-vertex graph has branch width at most [2n/3]. 


Example 3.9 (Robertson-Seymour, [72]). A graph has branch width 0 if 
and only if it has maximum degree at most 1. A graph has branch width 1 
if and only if it has at least one vertex of degree greater than 1, and every 


4 An fpt algorithm of this type is known as an fpt approximation algorithm [7]. 
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FIGURE 3.3. A graph with a branch decomposition of width 5. The numbers 
at the nodes indicate the size of the boundary of the edges in the subtree 
below that node. 
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G13 G23 


FIGURE 3.4. A branch decomposition of a clique (see Example 3.8) 


TT 


Gox2 G3x3 Gax4 
FIGURE 3.5. The (n x n)-grids for n = 2,3,4 


connected component has at most one vertex of degree greater than 1. Trees 
and cycles have branch width at most 2. 

Let me suggest it as an exercise for the reader to prove these simple 
facts. 


Example 3.10 (Robertson-Seymour, [72]). For all n > 2, the n x n-grid 


Gn = ([n] x [n], {{(é1, 51), (ia) | bin = tal + lin — fal = 1}) 
(cf. Figure 3.5) has branch width n. 


Branch width is closely related to the more familiar tree width. In fact, 
it is not very hard to prove the following inequalities for all graphs G [72]: 


bw(G) < tw(G) + 1 < max {(3/2) - bw(G), 2}, (3.2) 


where tw(G) denotes the tree width of G. 

As the connectivity functions kg are symmetric and submodular, ap- 
proximately optimal branch decompositions can be computed by the gen- 
eral purpose algorithm of Theorem 3.6. However, for the special case of 
branch decompositions of graphs, better algorithms are known: 


Theorem 3.11 (Bodlaender-Thilikos, [6]). There is an algorithm that, 
given a graph G and a k € N, decides if bw(G) < k and computes a branch 
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FIGURE 3.6. A graph with a rank decomposition of width 1. For later 
reference, we have named the nodes of the tree 


decomposition of G of width at most k if this is the case in time 


f(k): n, 
where n = |V(G)|, for some computable function f. 


3.2.3 Rank decompositions of graphs 

Whereas branch width is based on decompositions of the edge set of a graph, 
for rank width we decompose its vertex set. For a graph G = (V, E) and 
subsets U, W C V of its vertex set, we let Mg(U, W) be the |U| x |W|-matrix 
with entries Mauw for u E€ U, w € W, where 


1 if{u,w} E€ E, 
Mauw = 
0 otherwise. 


Hence Mc(V,V) is just the adjacency matrix of G. We view Mc(U,W) as 
a matrix over the field GF(2) and let rk(Mg(U,W)) be its row rank over 
GF(2). Now we define a connectivity function pg : 2V — N by 


pa(U) = rk (Ma(U, V \ U)) 


forall U C V. Since the row rank and column rank of a matrix coincide, the 
function pg is symmetric, and it is not hard to prove that it is submodular. 
A rank decomposition of G is a branch decomposition of (V, pq), and the 
rank width rw(G) of G is the rank width of (V, pa). 


Example 3.12. Figure 3.6 shows an example of a graph and a rank de- 
composition of this graph of width 1. 


It is easy to prove that rank width can be bounded in terms of branch 
width. The following theorem, which gives a tight bound, is not so obvious: 
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Theorem 3.13 (Oum [64]). For every graph G it holds that rw(G) < 
max{1, bw(G)}. 


The following example shows that the rank width of a graph can be 
substantially smaller than the branch width, and that it can also be the 
same. 


Example 3.14. It is easy to see that every rank decomposition of a com- 
plete graph has width 1. Combined with Example 3.8, this shows that the 
branch width and rank width of a graph can differ by a factor Q(n), where 
n denotes the number of vertices. 

Let I(Kn) be the graph obtained from the complete n-vertex graph Kn 
by subdividing all edges once, that is, by replacing every edge by a path of 
length 2. I(K,,) is the incidence graph of Kn. Then if n > 3 and n = 0,1 
mod 3 we have rw(I(K,,)) = bw(I(Kn)) = [(2/3) - n] [64]. 


Example 3.15. It can be shown that the rank width of an (n x n)-grid is 
at least [n/2— 2] (follows from [64]). Hence grids have both large branch 
width and large rank width. 


As for the branch width of graphs, there is an algorithm for computing 
rank width that is more efficient than the general purpose algorithm of 
Theorem 3.6. 


Theorem 3.16 (Hlineny-Oum, [51]). There is an algorithm that, given a 
graph G and a k € N, decides if rw(G) < k and computes a rank decompo- 
sition of G of width at most k if this is the case in time 


fE) në, 
where n = |V(G)|, for some computable function f. 


Rank width is related to the graph invariant clique width [17], which is 
defined in terms of a graph algebra: The clique width cw(G) of a graph G 
is the least number of constant symbols required in a term in this algebra 
describing the graph G. Oum and Seymour [65] proved that for every graph 
G it holds that 

rw(G) < ew(G) aoe ra. 


In particular, this implies that a class of graphs has bounded rank width if 
and only if it has bounded clique width. 


3.3 Courcelle’s Theorems 


For every k > 1, let B, be the class of all graphs of branch width at most k 
and Rp the class of all graphs of rank width at most k. The following theo- 
rem is usually formulated in terms of tree width, but by (3.2) the following 
“branch width version” is equivalent. 
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Courcelle’s Theorem (Courcelle, [9]). For every k, the problem 
p-MC(MSO, Bx) is solvable by a linear fpt algorithm. 


As for Theorem 3.1, we sketch two proofs. The first is a reduction to 
Theorem 3.1, whereas the second is a generalisation of the second proof of 
Theorem 3.1. 


First proof sketch. Let us fix k > 1. We reduce the model checking problem 
on the class By to that on labelled trees and then apply Theorem 3.1. We 
associate with each graph G € By a labelled tree TĦ and with each MSO- 
sentence y over graphs a sentence y* over labelled trees such that G 
p 4= Tt Eo. We shall do this in such a way that T+ is computable 
from G in linear time and that yt is computable from y. Then our model 
checking algorithm proceeds as follows: Given G € Bk and y € MSO, it 
computes T+ and y* and then tests if T* satisfies pt using the algorithm 
of Theorem 3.1. 

The mapping G — T* will not be canonical, i.e., isomorphic graphs G 
will not necessarily yield isomorphic trees Tt. The tree T+ will depend on 
the specific representation of the input graph G and on the algorithm we 
use to compute a branch decomposition of this input graph. Note that this 
does not affect the correctness of our algorithm. 

We construct T* from G as follows: Without loss of generality we assume 
that G has no isolated vertices. We first compute a branch decomposition 
(T, 6) of G of width at most k, which can be done in linear time by Theo- 
rem 3.11. Then we define a labelling of T that allows us to reconstruct G 
from the labelled tree T+ within MSO. Formally, we define the labelling in 
such a way that G is MSO-interpretable in T+. Then we can construct yt 
from y using the method of syntactic interpretations (see [32, 12]). 

We assume that T is an ordered binary tree, that is, each inner node 
has a left and a right child. Recall that, for a node t of T, Õ(t) is the set 
of all edges e of G such that e = 8(u) for some leaf u of T that appears 
in the subtree rooted at t. Let B; = OG(t) be the boundary of {(t), that 
is, the set of all vertices incident with an edge in G(t) and with an edge in 
E(G) \ (t). Since the width of (T, 8) is at most k we have |B;| < k for all 
nodes t. The labelling of the tree T+ encodes for every inner node t with 
left child tı and right child t2 how B; intersects the sets B;, and B;,. We 
assume some linear order of the vertices of G. Then there will be labels 
Piij, for i,j € [k], indicating that the ith vertex in B;, is equal to the jth 
vertex in B;, and similarly labels P2;; for t2. Note that By C By, U By, so 
these labels “determine” B;. We do not label the leaves. 

For each leaf t, the set B+ consists of the two endpoints of the edge (t) 
(unless one or both endpoints have degree 1). It is easy to write down four 
MSO-sentences eq;;(x,y), for i,j € {0,1}, such that for all leaves u,t of T 
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we have TT |= eq;;(u,v) if and only if the ith vertex in B, is equal to the 
jth vertex in B,;. Recalling our assumption that G has no isolated vertices, 
it is now easy to reconstruct G from T+ within MSO. Q.E.D. 


Second proof sketch. Let G be a graph of branch width k, and let y be an 
MSO-sentence, say, of quantifier rank q. We compute a branch decompo- 
sition (T, 3) of G of width k. We fix some linear order on the vertices of 
G. For every t € V(T) we let 6; be the ordered tuple of the elements of 
OG(t). Recall that for a subset B C E(G), by G[B] we denote the subgraph 
(U B, B) generated by B. 7 

Starting from the leaves we inductively compute tp,(G[@(0)], bt) for all 
t € V(T), applying Lemma 2.3 at every node. For this to work, it is 
important that for all nodes t with children tı and tə it holds that 


v (Gt) N G[G(t2)]) C allta) U AB(t2) 
and 03(t) C OB(t1) U OB(t2). 


Finally, we check if y € tp,(G[G(r)], br) for the root r. (Note that br is 
actually the empty tuple, but this does not matter.) Q.E.D. 


The following theorem was first proved by Courcelle [8, 11] in a version 
phrased in terms of certain graph grammars. Later, a version for clique 
width was proved by Courcelle, Makowsky, and Rotics [14], and finally the 
relation between clique width and rank width was established by Oum and 
Seymour [65]. 


Theorem 3.17 (Courcelle-Makowsky-Oum-Rotics-Seymour, [8, 65, 11, 14]). 
For every k, p-MC(MSO, Rx) is solvable by a cubic fpt algorithm. 


Proof sketch. The proof follows the same strategy as the first proof of Cour- 
celle’s Theorem: We fix k. For every graph G € Rx we construct a labelled 
tree T* such that G can be reconstructed from T* within MSO. Then 
using the method of syntactic interpretations, for every MSO-sentence y 
over graphs we obtain an MSO-sentence y* over labelled trees such that 
GE T* — yp. 

T* is obtained by suitably labelling the tree T of a rank decomposition 
(T,@) of G of width k. The difficulty here is to encode G in a labelling 
of T that uses only finitely many labels. Let t be an inner node of T with 
children tı and tg. For i = 1,2, let U; = G(t;). Furthermore, let U = U,UU2 
and W = V \ U. Then B(t) = U, and the matrices at the nodes tı, tz, t can 
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be written as 


M(Ui,V \ U1) = (M(U1,U2) M(U1,W)), 
M (Uo, V \ U2) = (M(U2,U1) M(U2,W)), 


M(U,V\U) = Ge w . 


Note that M (U2, U1) is the transpose of M (U1, U2). (We omit the subscript 
a for the matrices Mg(-,-).) 

For every node t € V(T’) we compute a set B; of at most k vertices of G 
such that the rows corresponding to the vertices in B, form a basis of the 
row space of the matrix M(U,V\U), where U = p(t). We define a labelling 
of the (inner) nodes of T as follows: Let t be an inner node with children 
ty and t2 and Uı = B(ti), U2 = B(t2), U= U, U U2 = B). Then at t the 
labelling encodes 


e the matrix M (Ba, Be), 


e for i = 1,2 and each v € B4, a representation of the row of M (U, V \U) 
corresponding to v as a linear combination of vectors of the basis 
corresponding to B; over the field GF (2). 


Note that this amounts to at most 3k? bits of information: The matrix 
requires at most k? bits, and a linear combination of k vectors over GF (2) 
requires k bits. 

We now describe how the graph G can be reconstructed from the labelled 
tree T*. The vertices of G correspond to the leaves of T*. To find out 
whether there is an edge between a vertex v1, say, with vı = (u1) anda 
vertex v2, say with vg = (u2), we proceed as follows: Let t be the first 
common ancestor of u and wz, and let tı and t2 be the children of t such that 
u; is a descendant of t;, for i = 1,2. Let U; = 8(ti) and U = U1 UU? = p(t). 
Then v; € U;. Note that Bu, = {vi}, because the matrices at the leaves 
only have one row. Hence, using the labelling, we can recursively find a 
representation of the row of the matrix M(U;,V \ U;) corresponding to v; 
as a linear combination of the rows corresponding to B;,. Then we can 
use the matrix M (Bs , Bt), which is also part of the labelling, to compute 
the entry my,v, of the matrix M (U1, U2), and this entry tells us whether 
there is an edge between vı and v2. The following example illustrates this 
construction. Q.E.D. 


Example 3.18. Consider the graph G and branch decomposition displayed 
in Figure 3.6. We define the “bases” as follows: 


t 1 2 3 4 5 6 a b c d e 
B: | {1} {2} {3} {4} {5} {6} Ø {1} {1} {4} {5} 
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Then for example, at node b the following information is stored: The matrix 


M({1}, {2}) = (1), 


and a representation of the rows rı = (1 1 1) and r2 = (0 0 0) of the matrix 
M({1, 2,3}, {4,5,6}) in terms of the row r1: 


ri= l-r, rg =0- rı. 


To determine whether there is an edge, say, between between vı = 3 and 
v2 = 5 we take the least common ancestor of the two leaves, a with 
its two children b and d. The representation of row r3 = (1 1 1) of 
M({1, 2,3}, {4,5,6}) with respect to By = {1} is r3 = 1-11, and the rep- 
resentation of row rs = (1 0 1) of M({4,5, 6}, {1,2,3}) with respect to 
Ba = {4} is r5 =1-1r4. Hence mgs = 1- 1 -m14 = 1, that is, there is an edge 
between 3 and 5. 


It follows from Theorem 3.2 that the parameter dependence of the fpt 
algorithms in the previous two theorems has to be nonelementary. 

We close this section with two remarks about strengthenings of the two 
theorems: 


Remark 3.19. Our proofs yield stronger theorems than stated: Not only is 
the MSO model checking problem fixed-parameter tractable on every class 
of graphs whose branch width is bounded, but actually the following doubly 
parameterized model checking problem is fixed-parameter tractable: 


Instance. A sentence y € MSO and a graph G 


Parameter. || + bw(G) 
Problem. Decide if G H p 


The same is true for rank width. 


Remark 3.20. It is easy to see that both theorems can be extended to 
labelled graphs. 

Courcelle’s Theorem even holds for a stronger monadic second order 
logic, denoted by MSOs, that admits quantification not only over sets of 
vertices of a graph, but also over sets of edges. This stronger result can 
easily be derived from the (labelled) version of Courcelle’s Theorem. Define 
the incidence graph I(G) of a graph G to be the graph (Vr, Er), where 
Vr = V(G) U E(G) and Er = {{v,e} | v € e}. It is not hard to see 
that for every graph G of branch width at least 2 it holds that bw(G) = 
bw(/(G)). Furthermore, every MSO2-formula over G can be translated to an 
MSO-formula over the labelled incidence graph (I(G), P), where P = E(G) 
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(The labelling is not really needed, but convenient.) Hence it follows from 
Courcelle’s Theorem that p-MC(MSOnz, Bx) has a linear fpt algorithm for 
every k > 1. 

This does not work for rank width, because the rank width of the inci- 
dence graph can be much larger than that of the original graph. Surprisingly, 
the rank width of the incidence graph of a graph is closely related to the 
branch width of the original graph. Oum [64] proved that 


bw(G) — 1 < rw(I(G)) < bw(G) 
for every graph G with at least one vertex of degree 2. 


4 First-order logic on locally tree-like classes of 
graphs 

There is not much hope for extending the tractability of monadic second- 
order model checking to further natural classes of graphs such as pla- 
nar graphs or graphs of bounded degree. Indeed, the MSO-definable 3- 
colourability problem is NP-complete even when restricted to planar graphs 
of degree 4. For first-order logic, however, the model checking problem is 
tractable on much larger classes of graphs. Seese [77] showed that first-order 
model checking admits a linear fpt algorithm on all classes of bounded de- 
gree. Later Frick and Grohe [42] proved the same for planar graphs, essen- 
tially by the general approach that we shall describe in this section. The 
crucial property of first-order logic that we exploit is its locality. 


4.1 The locality of first-order logic 


Let G = (V, E) be a graph. The distance dist (v, w) between two vertices 
v,w E V is the length of the shortest path from v to w. For every v € V 
and r € N, the r-neighbourhood of v in G is the set 


N&(v) = {w€ V | dist? (v, w) < r} 


of all vertices of distance at most r from v. For a set W C V, we let 
NE(W) = Usew NS (w). We omit the superscript © if G is clear from the 
context. The radius of a connected graph G is the least r for which there is 
a vertex v € V(G) such that V (G) C N,(v). The radius of a disconnected 
graph is oo. 

Observe that distance is definable in first-order logic, that is, for every 
r > 0 there is a first-order formula dist<,(x, y) such that for all graphs G 


and v,w E€ V(G), 


G = dist<,(v,w) <=> dist(v,w) <r. 


In the following, we shall write dist(z,y) < r instead of dist<,(x,y) and 
dist(x, y) > r instead of ~dist<, (£, y). 
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A first-order formula (x1, ..., £p) is r-local if for every graph G and all 
V1,---,Uk E V(G) it holds that 


GE v(u,...,vn) <> G[N-({u1,.-., ve})] H glv,- un): 


This means that it only depends on the r-neighbourhood of a vertex tuple 
whether an r-local formula holds at this tuple. A formula is local if it is 
r-local for some r. 

A basic local sentence is a first-order sentence of the form 


k 
dary... dry, VAN dist (x;, £j) > 2r A \ lzi) |, 


1<i<j<k i=1 


where y(x) is r-local. In particular, for every local formula y(x) the sentence 
Jx y(x) is a basic local sentence. 


Gaifman’s Locality Theorem (Gaifman, [44]). Every first-order sen- 
tence is equivalent to a Boolean combination of basic local sentences. 

Furthermore, there is an algorithm that computes a Boolean combina- 
tion of basic local sentences equivalent to a given first-order sentence. 


We shall illustrate the following proof sketch in Example 4.2 below. To 
appreciate the cleverness of the proof, the reader may try to find a Boolean 
combination of basic local sentences equivalent to the simple sentence y = 
Ardy (-E(2x,y) \ P(x) AQ(y)) considered in the example before reading the 
proof. 


Proof sketch. The proof is by structural induction on first-order formulas. 
To enable this induction, we need to prove a stronger statement that also 
includes formulas with free variables. We say that a first-order formula is in 
Gaifman normal form (GNF) if it is a Boolean combination of basic local 
sentences and local formulas. 


Claim 4.1. Every first-order formula is equivalent to a formula in GNF. 


Proof. The claim is trivial for atomic formulas, because all atomic formulas 
are 0-local. It obviously extends to Boolean combinations of formulas. Uni- 
versal quantification can be reduced to existential quantfication and nega- 
tion. The only remaining case is that of existentially quantified formulas 


p(z) = 3y Y(T, y), 


where (z, y) is in GNF. We may assume that w(Z, y) is of the form 


V (xi ^ &i(z,y)), 


< 
Il 
m 
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where each x; is a Boolean combination of basic local sentences and each 
&;(%, y) is local. Here we use the simple observation that a Boolean combi- 
nation of local formulas is local. Then y(Z) is equivalent to the formula 


VV (xi A Iy &:(Z,y)). 


i=l 
It remains to prove that each formula 


yg’ (&) = 3y (z, y), 


where €(Z, y) is local, is equivalent to a formula in GNF. Let r > 0 such 
that €(Z, y) is r-local. We observe that y’(Z) is equivalent to the formula 


Ay (dist(z, y) < 2r +1A (z, y)) V Jy(dist(z, y) > 2r +1 A €(z,y)), (4.1) 


where dist(z,y) < 2r + 1 abbreviates \/;dist(a;,y) < 2r +1. The first 
formula in the disjunction (4.1) is (3r + 1)-local. Hence we only need to 
consider the second, 3y (dist(Z, y) > 2r+1A€(Z,y)). Using Lemma 2.3 and 
the r-locality of €(Z, y), it is not hard to see that this formula is equivalent 
to a Boolean combination of formulas of the form 


¢(z) A Iy (dist(z, y) > 2r +1 A n(y)), 


where ¢(Z) and 7(y) are r-local. Let r’ = 2r +1. It remains to prove that 


p" (z) = Iy(dist(z, y) > r' A n(y)) 


is equivalent to a formula in GNF. This is the core of the whole proof. Sup- 
pose that # = (£1,..., £k). Let G be a graph and 0 = (v,..., ux) E V(G)*. 
When does G | p” (v) hold? Clearly, it holds if there are w1,...,we41 of 
pairwise distance greater than 2r’ such that G = n(w;) for all j, because 
each r’-neighbourhood N, (v;i) contains at most one w; and hence there is 
at least one w; of distance greater than r’ from all the v;. For £ > 1, let 


be = 3y... Ief \ dist(y;, yj) > 2r’ A n(yi)): 
1<i<j<e 


Note that 62 is a basic local sentence. We have just seen that 6,41 implies 
yp (Z). But of course y” (z) may also hold if 6,41 does not. Let us return 
to our graph G and the tuple « € V(G)*. Let £ > 1 be maximum such that 
G H= 0; and suppose that £ < k. In the following case distinction, we shall 


determine when G — ọ” (v0). 


Case 1: There are no wy,...,we E N,’({v}) of pairwise distance greater 
than 2r’ such that G — ņn(w;) for all j. 
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As G | @, this implies that there is at least one w ¢ N,-({0}) such that 
GE n(w). Hence GE y” (0). 
Case 2: There is a w E€ Nar (U) such that w ¢ Ny (v) and GE n(w). 
Then, trivially, GE g” (©). 
Case 3: Neither Case 1 nor Case 2, that is, there are w1,...,we E Ny ({v}) 
of pairwise distance greater than 2r’ such that G — n(w,) for all j, and 
there is no w € N3r (U) \ Nr (U) such that G H 7(w). 

Then G jÆ g" (v). To see this, suppose for contradiction that there is a 
w € V(G) such that w ¢ Ne ({0}) and G H n(w). Then w ¢ Nzr({0}) and 
therefore dist(w,;,w) > 2r’ for all j € [4]. Thus G } 0e+1, which contradicts 
the maximality of £. 


Hence G — y’”(%) if any only if we are in Case 1 or 2. Note that 
the conditions describing these cases can be defined by local formulas, say, 
yei(Z) and y2(Z). Thus if G H 0e A 76¢41, then G H g” (v) if and only if 
G EF y1 (0) V %e,2(0). 

Overall, y” (T) is equivalent to the formula 


k41 V V (be N Bes A^ (Ye 1 (2) V Ye,2(2 NE 


l=1 


which is in GNF. Q.E.D. (Claim 4.1) 


It is not hard to show that our construction yields an algorithm that com- 
putes a formula in GNF equivalent to a given first-order formula. Q.E.D. 


Example 4.2. Let us follow the proof of Gaifman’s theorem and construct 
a Boolean combination of basic local sentences equivalent to the sentence 


p = Ardy(E(a,y) A P(x) ^ Q(y)), 


which is a sentence over labelled graphs with labels P and Q. 
The quantifier free formula yo(z, y) = (7E(a, y)AP(x)AQ(y)) is O-local. 
Hence we start the construction with the formula 


gi(2) = Jy(>E(a,y) A P(x) A Q(y)). 
yi(x) is equivalent to the formula 
g = P(x) Aay(“E(a,y) ^ Q(y)). 


Splitting Iy(~E(x, y) A Q(y)) with respect to the distance between x and 
y as in (4.1) (with r = 0) and simplifying the resulting formula, we obtain 


A (Qa) V dy(dist(x,y) > 1A QHy))). 


388 M. Grohe 


It remains to consider the formula f(x) = Jy(dist(x,y) > 1A Q(y)). 
Following the proof of Gaifman’s theorem (with y” = y1, nly) = Q(y), 
r = 0, and k = 1), we obtain the following equivalent formula in GNF: 


ol! (a) =b V Q A 762 A (~ Ay(dist(x, y) < 1A Q(y)) 


( 
V By(dist(e,y) < 3 A dist(z, y) > 1A Q(y)))) 


where 6; = JyıQ(yı) and 02 = yi dye (dist(y1, y2) > 2A Q(y1) A Q(y2))- 
Hence y}(x) is equivalent to the formula P(x) A (Q(z) V p1’ (x)). The step 
from yi(x) to y = Jrg: (x) is simple, because there are no free variables left. 
By transforming the formula P(x) A (Q(x) V ¢{’(x)) into disjunctive normal 
form and pushing the existential quantfier inside, we obtain the formula: 


Ja (P(x) A Q(2)) 
V (az P(x) A 62) 
v (3x(P(2) A ~ay(dist(x, y) < 1A Q(y))) A 01 A 02) 


v(32(P(2) A Ay(dist(x, y) < 3 A dist(x,y) > 1A Q(y))) AAA 02). 


Observe that this is indeed a Boolean combination of basic local sentences 
equivalent to y. A slightly simpler Boolean combination of basic local sen- 
tences equivalent to y is constructed in Example 3 of [50] by a different 
technique. 


It has recently been proved in [20] that the translation of a first-order 
sentence into a Boolean combination of basic local sentences may involve a 
nonelementary blow-up in the size of the sentence. 


4.2 Localisations of graph invariants 


Recall that G denotes the class of all graphs. For every graph invariant 
f :G — N we can define its localisation Ls : G x N — N by 


GAS max { f (GĪN,(v)]) | ve v(a)}. 


Hence to compute ¢;(G,r), we apply f to every r-neighbourhood in G and 
then take the maximum. We say that a class C of graphs has locally bounded 
f if there is a computable® function g : N > N such that €¢(G,r) < g(r) 
for all G € C and all r € N. 


5 It would be more precise to call this notion “effectively locally bounded f”, but this 
would make the terminology even more awkward. 
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Example 4.3. One of the simplest graph invariants is the order of a graph. 
Observe that a class of graphs has locally bounded order if and only if it 
has bounded degree. 

Moreover, if a class C has bounded degree then it has locally bounded f 
for every computable graph invariant f. 


In this section, we are mainly interested in the localisation of branch 
width. Maybe surprisingly, there are several natural classes of graphs of 
locally bounded branch width. We start with two trivial examples and then 
move on to more interesting ones: 


Example 4.4. Every class of graphs of bounded branch width has locally 
bounded branch width. 


Example 4.5. Every class of graphs of bounded degree has locally bounded 
branch width. This follows immediately from Example 4.3. 


Example 4.6 (Robertson-Seymour-Tamaki, [70, 78]). The class of planar 
graphs has locally bounded branch width. More precisely, a planar graph 
of radius r has branch width at most 2r +1. 

Let me sketch the proof. Let G be a planar graph of radius r, and let vo 
be a vertex such that V(G) C N,(vo). We show how to recursively partition 
the edge set of G in such a way that at each stage, the boundary of each part 
has cardinality at most 2r +1. This will give us a branch decomposition of 
width at most 2r + 1. 

Without loss of generality we may assume that G is 2-connected; if it is 
not, we first decompose it into its 2-connected blocks. Figure 4.1 illustrates 
the following steps. We fix a planar embedding of G, and let C be the 
exterior cycle. We pick two vertices v,w on C and shortest paths P,Q 
from vo to v, w, respectively. Then we cut along P and Q. This gives us a 
partition of E(G) into two parts whose boundary is contained in V(PUQ). 
We can add the edges in E(P U Q) arbitrarily to either of the two parts. 
Now we consider each of the parts separately. The boundary cycle consists 
of P, Q, and a piece of the cycle C. If this piece of C is just one edge, we can 
split it off and then further decompose the rest. Otherwise, we pick a vertex 
x on the piece of C and a shortest path R from vo to x. We obtain two new 
parts with boundaries V(P U R) and V(Q U R). We partition these new 
parts recursively until they only consist of their boundaries, and then we 
partition the rest arbitrarily. Of course this proof sketch omits many details 
and special cases. For example, the vertex vg could be on the exterior cycle 
to begin with. I leave it to the reader to work out these details. 

The branch decomposition in Figure 3.3 was obtained by this method. 
Note that the graph has radius 2, with centre vg being the vertex inci- 
dent with the edges m and j. The initial paths P and Q have edge sets 
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Bı Bə 
(b) Part B is cut again along R 


Bs \ {6} 


(c) Edge e = {w, x} is split off part B2 


FIGURE 4.1. Schematic branch decomposition of a planar graph 
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E(P) = {s,m} and E(Q) = {j}. The right part consists of the edges 
a,b,c, k,d,e, f,l,0,n,u,t,w,p,v,g. The edges of PU Q were added to the 
left part. In the next step, the right part was split along the path R 
with E(R) = {k,e}. The right part of this split consists of the edges 
f,l,0,n,u,t,w,p,v,g. The edge f immediately can be split off, and the 
new boundary cycle is w,q,!,k,m,s. The new splitting path consists of the 
edge o, et cetera. 


Example 4.7 (Eppstein, [34]). The genus of a graph is the minimum genus 
of an orientable or nonorientable surface the graph can be embedded into. 
For every k, the class of all graphs of genus at most k has locally bounded 
branch width. Moreover, for every k the class of all graphs of crossing 
number at most k has locally bounded branch width. 


In the next example, we shall construct an artificial class of graphs of 
locally bounded branch width. It serves as an illustration that the global 
structure of graphs of locally bounded branch width can be quite compli- 
cated. In particular, this example shows that there are classes of graphs 
of locally bounded branch width and of unbounded average degree. Recall 
that if a class C of graphs has unbounded average degree then the size of the 
graphs in C is superlinear in their order. The graph classes in all previous 
examples have bounded average degree and thus size linear in the order. 
For planar graphs and graphs of bounded genus, this follows from Euler’s 
formula. 


Example 4.8 (Frick-Grohe, [42]). Recall that the girth of a graph is the 
length of its shortest cycle, and the chromatic number is the least number 
of colours needed to colour the graph in such a way that no two adjacent 
vertices receive the same colour. We shall use the well-known fact, due to 
Erdés [35], that for all g,k > 1 there exist graphs of girth greater than g 
and chromatic number greater than k. The proof of this fact (see [2]) shows 
that we can effectively construct such a graph Gg, for given g and k. 

Then for every k > 1, every graph Gk,k must have a subgraph Hp of 
minimum degree at least k; otherwise we could properly colour G with k 
colours by a straightforward greedy algorithm (see [25], Corollary 5.2.3). 
Let Hk C Gk,k be such a subgraph. As a subgraph of G;, the graph Hp 
still has girth greater than k. 

Let C = {Hk | k > 1}. Then C has unbounded minimum degree 
and hence unbounded average degree. Nevertheless, C has locally bounded 
branch width. To see this, simply observe that the r-neighbourhood of ev- 
ery vertex in a graph of girth greater than 2r + 1 is a tree. As the branch 
width of a tree is at most 2, for every graph H € C and every r > 1 we have 


low (H, r) < max ({ bw(Hx) |k < 2r+1}U {2}). 
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4.3 Model checking algorithms 

Theorem 4.9. Let f be a graph invariant such that the following pa- 
rameterization of the model checking problem for first-order logic is fixed- 
parameter tractable: 


p-MC(FO, f) 
Instance. A sentence y € FO and a labelled graph G 


Parameter. |y|+ f(G) 
Problem. Decide if GE y 


So for every class C of graphs of locally bounded f, the problem p-MC(FO, C) 
is fixed-parameter tractable. 


The proof of the theorem relies on Gaifman’s Locality Theorem and the 
following lemma: 


Lemma 4.10 (Frick-Grohe, [42]). Let f and C be as in Theorem 4.9. Then 
the following problem is fixed-parameter tractable: 


Instance. A labelled graph G = (V, E, P) € Cu andk,r € N 
Parameter. k+r 


Problem. Decide if there are vertices v1,..., Ug € P such that 
dist(v;, vj) > 2r for l<i<j<k 


For simplicity, we only prove the lemma for graph invariants f that are 
induced-subgraph-monotone, that is, for all graphs G and induced subgraphs 
H C G we have f(H) < f(G). Note that both branch width and rank width 
are induced-subgraph-monotone. 


Proof sketch of Lemma 4.10. Given G = (V, E, P) and k,r € N, we first 
compute a maximal (with respect to inclusion) set S C P of vertices of 
pairwise distance greater than 2r. If |S| > k, then we are done. 

Otherwise, we know that P C Nər(S). Let H be the induced subgraph 
of G with vertex set Nsr(S). As |S| < k, the radius of each connected 
component of H is at most (3r + 1) - k. Hence, because f is induced- 
subgraph-monotone, 


f(A) < l4(G, (3r + 1) < k) < g((3r + 1) : k), 


where g is a function witnessing that C has locally bounded f. 
Since P C Nə (S) and V(H) = N3,(S), for all vertices v, w € P it holds 
that dist? (v, w) > 2r if and only if dist” (v, w) > 2r. Hence it remains to 
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check whether H contains k vertices labelled P of pairwise distance greater 
than 2r. This is equivalent to saying that H satisfies the first-order sentence 


k 
dx... dr, VAN dist(x;, £j) > 2r A \\ P(ax;) 
1<i<j<k i=l 
We can use an fpt algorithm for p-MC(FO, f) to check this. Q.E.D. 


Proof sketch of Theorem 4.9. Let G = (V,E) € C and » € FO. We first 
transform y into an equivalent Boolean combination of basic local sentences. 
Then we check separately for each basic local sentence in this Boolean com- 
bination whether it is satisfied by G and use the results to determine whether 
y holds. 


So let us consider a basic local sentence 


k 


w= 3x1... I£k \ dist(x;, xj) > 2r A A xli) f 


1<i<j<k i=l 


where x(x) is r-local. For each vertex v of G we check whether G[N,(v)] 
satisfies x(v) using an fpt algorithm for p-MC(FO, f). We can do this 
within the desired time bounds because f (G|N, (v)]) < £¢(G,r). If GLN-(v)| 
satisfies y(v), we label v by P. To determine whether G satisfies Y, we 
have to check whether the labelled graph (V, Æ, P) has k vertices in P of 
pairwise distance greater than 2r. By Lemma 4.10, this can be done by an 
fpt algorithm. Q.E.D. 


Corollary 4.11 (Frick-Grohe, [42]). For every class C of graphs of locally 
bounded branch width, p-MC(FO,C) is fixed-parameter tractable. 


Corollary 4.12. For every class C of graphs of locally bounded rank width, 
p-MC(FO,C) is fixed-parameter tractable. 


Let me close this section with a few remarks on the running time of the 
model checking algorithms. 


Remark 4.13. We first look at the exponent of the fpt algorithms. An 
analysis of the algorithms described above shows that for every class C 
of locally bounded f we obtain an fpt algorithm for p-MC(FO,C) with 
exponent c+1, where c is the exponent of an fpt algorithm for p-MC(FO, f). 
Hence for classes of locally bounded branch width, this yields a quadratic 
fpt algorithm, and for classes of locally bounded rank width, it yields an fpt 
algorithm with exponent four. 

For classes C of locally bounded branch width, the exponent can be 
brought arbitrarily close to 1; more precisely, for every £ > 0 there is an fpt 
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FIGURE 5.1. Contraction of edge e 


algorithm for p-MC(FO,C) with a running time of f(k) -|G|'*© [42]. Note 
that we cannot hope to find an fpt algorithm that is linear in the order for 
general classes of locally bounded branch width, because by Example 4.8 
there are classes C of locally bounded branch width and unbounded average 
degree, which implies that the size of the graphs in C is not linearly bounded 
in the order (and thus an algorithm that is linear in the order cannot even 
read the whole input graph). It is an open question whether for every 
class C of graphs of locally bounded branch width there is an fpt algorithm 
p-MC(FO,C) that is linear in the size ||G|| of the input graph. 

For specific classes C, such as the class of planar graphs and classes of 
bounded genus or bounded degree, it is known that there are fpt algorithms 
that are linear in the order [42, 77]. 

Finally, let us look at the parameter dependence of the fpt algorithms. 
In general, it is again nonelementary by Theorem 3.2, because our classes 
contain the class of all trees. However, classes of graphs of bounded degree 
do not contain all trees, and it turns out that for such classes there are 
fpt algorithms with an elementary parameter dependence. For the class 
Dk of graphs of degree at most k > 3, there is a linear fpt algorithm for 
p-MC(FO, Dg) with a triply exponential parameter dependence, and there 
is a matching lower bound, which even holds on labelled binary trees [43]. 


5 Digression: Graph minor theory 


A graph H is a minor of a graph G if H can be obtained from G by deleting 
vertices, deleting edges, and contracting edges. Contracting an edge means 
removing the edge, identifying its two end vertices, and possibly removing 
the resulting parallel edges. Figure 5.1 illustrates this. We write H < G 
if H is isomorphic to a minor of G. A minor mapping from H to G is 
a mapping yu that associates with each v € V(H) a connected subgraph 
p(v) C G and with each e € E(H) an edge p(e) € E(G) such that: 


e for all v Æ w, the graphs pu(v) and p(w) are vertex disjoint; 


e for alle = {v,w} € E(H), the edge p(e) is incident to a vertex 
vo’ € V(u(v)) and a vertex w’ € V (u(w)). 


It is easy to see that H < G if and only if there is a minor mapping from 
H to G. Observe that the graphs (v) of a minor mapping u can be chosen 
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FIGURE 5.2. An image of Ks in a nonplanar graph 


to be trees. If u is a minor mapping from H to G, we call the graph 


HE) =( U Vew) U Eww) u {ule | ee BU)}) 


vEV(H) veV (H) 


an image of H in G.® Figure 5.2 shows an example. 
For every graph H, we let 


X(H) = {G | H ZG}. 


We say that a class C of graphs excludes H if C C X(H). For a class H of 
graphs, we let 


X(H) = () X(H) = {G| H 4G for all H € H}. 
HEH 

A class C of graphs is minor-closed if for every graph G € C and every 
H < G it holds that H € C. Observe that a class C of graphs is minor- 
closed if and only if it can be defined by excluding minors, that is, there is a 
class H such that C = 4(H) (just take H = G \ C). Robertson and Seymour 
proved that every minor-closed class of graphs can actually be defined by 
excluding finitely many minors: 


Graph Minor Theorem (Robertson-Seymour, [75]). For every minor- 
closed class C of graphs there is a finite class F of graphs such that 


C= X(F). 
Many natural classes of graphs are minor-closed: 


Example 5.1. Every cycle can be contracted to a triangle K3. Hence the 
class of forests (acyclic graphs) is precisely ¥ (K3). 


6 In the literature, the term “model” is used instead of “image”. We prefer “image” 
here to avoid confusion with “models” in the logical sense. 
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Example 5.2. For every k > 1, the class By of all graphs of branch width 
k is minor-closed. Let me suggest it as an exercise for the reader to prove 
this. Furthermore, it holds that B2 = X (K4) [72]. 


Example 5.3. Series-parallel graphs and outerplanar graphs exclude K4. 
It can be shown that ¥ (K4) is precisely the class of all graphs that are 
subgraphs of series-parallel graphs (see [25], Exercise 7.32). V({K4, K2,3}) 
is the class of outerplanar graphs (see [25], Exercise 4.20). 


Example 5.4. By Kuratowski’s well-known theorem [55] (or, more pre- 
cisely, by a variant due to Wagner [83]), the class of planar graphs is 
X({Ks, K3,3}). 


Example 5.5. For every k > 0, the class of all graphs of genus k is minor- 
closed. 


Note that all previous examples of minor-closed classes also have locally 
bounded branch width. But this is a coincidence, as the following example 
shows. 


Example 5.6. A graph G is an apex graph if there is a vertex v € V(G) 
such that G \ {v} is planar. The class of all apex graphs is minor-closed. 

The class of apex graphs does not have locally bounded branch width. 
To see this, consider the “pyramid graphs” P,, obtained from the (n x n)- 
grid Gnxn by adding a new vertex and connecting it to all vertices of the 
grid. Obviously, the pyramid graphs are apex graphs, and for every n > 1 
we have 

Low(Pn, 1) > bw(Gnxn) >, 


where the second inequality holds by Example 3.10. 


Example 5.7. A graph is knot free if it can be embedded into R® in such 
a way that no cycle of the graph is knotted in a nontrivial way. It is easy 
to see that the class of all knot free graphs is minor-closed. 

Similarly, the class of all graphs that can be embedded into R? in such 
a way that no pair of cycles is linked is minor-closed. 


Let me also mention a “non-example”: The class of all graphs of crossing 
number k > 1 is not minor-closed. 


5.1 Structure theory 


The proof of the graph minor theorem relies on a deep structure theory for 
classes of graphs with excluded minors. While it is far beyond the scope of 
this survey to describe this theory in adequate detail, or even give a precise 
statement of the main structural result, I would like to give the reader a 
glimpse of the theory, because the model checking algorithms for graphs 
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with excluded minors heavily rely on it. Let me start with a disclaimer: 
The following intuitive remarks may make a nice story, but they do not 
always reflect the actual proofs and thus should be taken with some care. 

Suppose we have a class C with excluded minors. Then C C ¥ (Kx) for 
some k, because every graph is a minor of some complete graph. We fix 
C and k for the rest of this section. We want to describe the structure of 
the graphs in C by “decomposing” them into “simple” building blocks. We 
shall define later what exactly we mean by “decomposing” a graph. For 
now, let us just remark that if a graph has bounded branch width, then we 
can decompose it into pieces of bounded size. Thus we are mainly interested 
in classes C of unbounded branch width. The following theorem, which is 
one of the fundamental results of the whole theory, gives us a handle on the 
structure of graphs of unbounded branch width: 


Excluded Grid Theorem (Robertson-Seymour, [71]). There is a com- 
putable function f such that for every k > 1 and every graph G, if bw(G) > 
f(k) then Gkxk < G. 


A proof of this theorem can be found in [25]. 


The Excluded Grid Theorem tells us that if our class C has unbounded 
branch width, then the graphs in C contain large grids as minors. Now we 
can try to use these large grids as “coordinate systems” and describe the 
structure of the graphs relative to the grids. So suppose we have a graph 
G € C with a large grid minor, and let H C G be the image of a large 
grid. Let us further assume that G is highly connected; if it is not we first 
decompose it into highly connected parts and then consider each of them 
separately. We come back to this decomposition process later. We think of 
the grid as embedded into the plane and the rest of G being glued onto H. It 
can be proved now that G\H must be glued onto H in a fairly “orderly” way: 
If there are many pairwise far apart “crossings” in the interior of G then 
we can find a Kp-minor in G, which is impossible because G € C C X(Kx). 
Here a crossing consists of two pairwise disjoint paths with endpoints v1, v3 
and v2, v4 respectively, such that v1, v2, v3, v4 occur in this clockwise order 
on some cycle of the grid. Figure 5.3 shows a grid with two crossings. 
This leaves us with the following structure: There is a bounded number 
of vertices, called apices, that are connected to the grid in an arbitrary 
fashion. After removing the apices, there still may be many crossings, but 
they must be grouped together into a bounded number of small regions, 
called vortices. Apart from the apices and the vortices, the rest of G must 
fit nicely into the planar structure of the grid, that is, the components of 
G \ H are planar pieces, each of which can be embedded into a “square” of 
the grid. However, so far we have only talked about the interior of the grid. 
There may be connections between different parts of the exterior cycle of 
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FIGURE 5.3. A grid with two crossings 


the grid, but they cannot be too wild either, because otherwise we could 
find a large clique minor again. We can subdivide the exterior cycle into a 
bounded number of segments and stick some of these together. This gives 
us a graph that can be embedded into a surface of bounded genus (recall 
that every surface can be obtained by gluing together edges of a convex 
polygon in the plane). Thus after removing a bounded number of apices 
and vortices, G can be embedded into a surface of bounded genus. We say 
that G has almost bounded genus. We assumed that G is highly connected; 
if it is not then we can decompose it into pieces with this property. This is 
Robertson and Seymour’s main structure theorem [74]: For every class C 
of graphs with an excluded minor, the graphs in C can be decomposed into 
graphs that have almost bounded genus. 

Let us now make it precise what we mean by “decomposing” a graph. 
Intuitively, we want to recursively split the graph along small separators un- 
til there no longer are small separators and the graph is highly connected. 
But if we do this, we lose too much structure in the decomposition process, 
because two vertices that are far apart on one side of the partition may 
be close together on the other side and hence in the original graph. Thus 
“locality”, and similarly “connectivity”, may be destroyed in the decom- 
position process, and this is something we would like to avoid. We take a 
very drastic approach: Whenever we separate a graph, on both sides we 
add edges between all vertices in the separator. 

We call a graph G a clique sum of graphs G; and Gə (and write G = 
G1 © G2) if Gi N G2 is a complete graph, V(G) = V(G1) UV(G2), E(G) C 
E(Gi) UE(G2), and E(G1) \ E(G) C E(G2), E(G2)\ E(G) C E(G1). Thus 
G is a subgraph of G1 U G2 obtained by possibly deleting some of the edges 
in Gi G2. Figure 5.4 illustrates this. Note that we are slightly abusing 
notation here because there may be several non-isomorphic graphs G such 
that G = G1 @ Go. 

A clique sum decomposition of a graph G is a pair (T, y) consisting 
of a binary tree T and a mapping y that associates a graph y(t) with 
every node t € V(T) such that y(r) = G for the root r of T and y(t) = 
(ti) ® (tz) for all nodes t with children tı, t2. Figure 5.5 shows an example 
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FIGURE 5.5. A clique sum decomposition 


of a clique sum decomposition of a graph. The decomposition in Figure 5.5 
is complete in the sense that the graphs at the leaves cannot be decomposed 
any further. In general, the clique sum decompositions we are interested in 
are not necessarily complete. 

We call the graphs y(t) in a clique sum decomposition (T,y) the parts 
of the decomposition and the parts y(t) for the leaves t the atomic parts, or 
just atoms. (T,7) is a clique sum decomposition over a class A of graphs if 
all atoms of (T,y) belong to A. We call a graph decomposable over A if it 
has a clique sum decomposition over A and denote the class of all graphs 
that are decomposable over A by D(A). 


Example 5.8. Let k > 1, and let O; be the class of all graphs of order at 
most k. If a graph G is decomposable over Ok, then bw(G) < max{k, 2}. 
Let me suggest it as an exercise for the reader to verify this simple fact. 
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Conversely, it is not too hard to prove that if a graph has branch width 
at most k, then it is decomposable over O/(3/2).4]- 

Let me remark that a graph has tree width k if and only if it is de- 
composable over Ox41. This follows from the fact that a graph has tree 
width at most k if and only if it is a subgraph of a chordal graph of clique 
number k + 1 (see Corollary 12.3.12 of [25]). The result for branch width 
then follows by (3.2). 


I leave it as an exercise to prove the following simple lemma: 


Lemma 5.9. If a class A of graphs is minor-closed, then the class D(A) is 
also minor-closed. 


Robertson and Seymour’s structure theorem for classes of graphs with 
excluded minors can now be stated slightly more precisely as follows: For 
every class C of graphs with an excluded minor there is a class A of graphs 
that have almost bounded genus such that C C D(A). Of course this still 
leaves it open what exactly is meant by “almost bounded genus”. We refer 
the curious reader to the last chapter of Diestel’s book [25] for a more 
comprehensive introduction to the theory, or to Robertson and Seymour’s 
original article [74]. 

We close this section by stating a simplified version of a Robertson and 
Seymour’s structure theorem that will be sufficient for our purposes. Recall 
that bw denotes the localization of branch width. Minor-closed classes of 
locally bounded branch width are particularly well behaved. Eppstein [33, 
34] proved that a minor closed class C has locally bounded branch width if 
and only if it does not contain all apex graphs (recall the definition of apex 
graphs from Example 5.6). Demaine and Hajiaghayi [22] proved that if a 
class of graphs has locally bounded branch width, then there actually is a 
linear bound on the local branch width, that is, there is a A > 1 such that 
for all G € C and for all r > 1 it holds that /bw(G,r) < A-r. This motivates 
the definition of the following classes of graphs, for every A > 1: 

Ly = {G | &w(H,r) < à- r for all H < G}. 


For every u > 0, we define a class of graphs that are 


Lan = {G| IX CV(G): |X| < u and G\ X € La}. 


‘u-close” to Ly: 


Theorem 5.10 (Grohe, [47]). For every class C with excluded minors, there 
exist nonnegative integers A, u such that 


CCD(Ly,,)- 


To obtain this result from Robertson and Seymour’s structure theorem, 
one only has to prove that graphs of almost bounded genus are in £)_,, for 
suitable A, u. This is not very difficult. 
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5.2 Algorithms 

Before we get back to model checking problems, let me briefly describe 
some other algorithmic applications of graph minor theory. Consider the 
following two parameterized problems: 


p-DISJOINT- PATHS 

Instance. A graph G and vertices s1,t1,...,8,th E€ V(G) 

Parameter. k 

Problem. Decide if there are pairwise disjoint paths P;, for 
i € [k], from s; to t; in G 


p-MINOR 

Instance. Graph G, H 
Parameter. |H] 

Problem. Decide if H < G 


For neither of the two problems, it is even obvious that they belong to 
the class XP, that is, can be solved in polynomial time for fixed k, |H], 
respectively. For DISJOINT-PATHS, this was a long standing open problem 
posed by Garey and Johnson [45]. Robertson and Seymour proved that 
both problems are fixed-parameter tractable: 


Theorem 5.11 (Robertson-Seymour, [73]). p-DISJOINT-PATHS and 
p-MINOR have cubic fpt algorithms. 


The reader may wonder why we combine both problems in one theorem. 
The reason is that they are both special cases of the more general rooted 
minor problem. A rooted graph is a tuple (G, v1, ..., Upg), where G is a graph 
and v1,..., Uk E V (G), and a rooted graph (H, w1,..., wz) is a rooted minor 
of a rooted graph (G, v1,..., Up) if there is a minor map u from H into G 
such that v; € V(u(w;)) for all i € [k]. The parameterized problem p- 
ROOTED-MINOR is defined as p-MINOR, but for rooted graphs. I leave it to 
the reader to reduce p-DISJOINT-PATHS to p-ROOTED-MINOR. Robertson 
and Seymour proved that p-ROOTED-MINOR has a cubic fpt algorithm. 

To get an idea of the proof it is easiest to look at the disjoint paths 
problem. Suppose we are given a graph G and s1,t1,.-.,Sk,tk E€ V(G). 
Let us further assume, to simplify the presentation, that G is 2k-connected. 
If Ksk < G, then we know that there are disjoint paths from the s;s to 
the t;s: As the graph is 2k-connected, by Menger’s theorem we can find 
disjoint paths from s1,t),...,5%,t, to an image of K3,. Then in the image 
of K3,, we can connect the pieces in the right way because all connections 
are there. This is not entirely trivial, because we only have an image of 
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Kez, and not a subgraph, but it can be done. So now we can assume that 
Ksk £ G, and we can apply the structure theory for graphs with excluded 
K3,. If the branch width of G is bounded, we can solve the disjoint paths 
problem easily, for example, by applying Courcelle’s theorem. If the branch 
width is large, then by the Excluded Grid Theorem, we can find a large 
grid in G. By the arguments described above, we can now find a small set 
of vertices such that after removing these vertices, the whole graph G fits 
nicely into the planar structure of the grid. Passing to a smaller grid if 
necessary, we may assume that all the s; and t; are outside the grid. Now 
it can be proved that if there are disjoint paths from s; to t; for all i € [k], 
then there are such paths that avoid the middle vertex of the grid (say, the 
grid has odd order). Intuitively, it is plausible that if we have a very large 
grid and k disjoint paths traversing the grid, then we can always re-route 
them to avoid the middle vertex. Proving this formally turns out to be the 
most difficult part of the whole proof [68, 69]. It builds on the full structure 
theory described in the previous section. However, once this is done, we 
know that we can delete the middle vertex of the grid and obtain a smaller 
graph G” such that there are disjoint paths from s; to t; for all i € [k] in G 
if and only if there are such paths in G’. We repeatedly delete “irrelevant” 
vertices this way until we obtain a graph of bounded branch width, and 
then we solve the problem on this graph. This completes our outline of the 
proof of Theorem 5.11. 


Combined with the Graph Minor Theorem, Theorem 5.11 has the following 
stunning consequence. 


Corollary 5.12. Every minor-closed class C of graphs is decidable in cubic 
time. 


Note that a priori there is no reason why every minor-closed class C of 
graphs should be decidable at all. Remarkably, Corollary 5.12 just claims 
the existence of algorithms, without actually giving us the algorithms. For 
example, by Example 5.7 it implies the existence of a cubic time algorithm 
for deciding whether a graph is knot free. But we still do not know such an 
algorithm! The reason is that we do not know a finite family of excluded 
minors defining the class of knot free graphs. Corollary 5.12 is constructive 
in the sense that if we are given a finite family of excluded minors that 
defines the class C, then we can construct a cubic time algorithm deciding 
C. However, for many minor-closed classes we do not know such a finite 
family. 

In recent years, there has been a substantial body of work on algorithms 
for graph problems restricted to graph classes with excluded minors or even 
generalisations of such classes [1, 21, 23, 24, 47, 53]. The algorithmic meta 
theorems presented in the following section should be seen in this context 
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as an attempt to get a more global view on the potentials of algorithmic 
graph minor theory. 


We close this section with a lemma that we shall need in the next section. 


Lemma 5.13. For every minor-closed class A of graphs there is an algo- 
rithm that, given a graph G € D(A), computes a clique sum decomposition 
of G over A in time O(n°). 


Note that, in particular, the lemma implies an algorithmic version of 
Theorem 5.10: For every class C with excluded minors there is a polynomial 
time algorithm that, given a graph in C, computes a clique sum decompo- 
sition of G over £L) ,. 


Proof sketch of Lemma 5.13. Recall that if we write G = G ® Gg, this im- 
plies that V(G1NG2) induces a clique in both G; and G2, but not necessarily 
in G. If it also induces a clique in G, and hence G = G1 U G2, we call the 
clique sum simplicial. We call a clique sum decomposition (T, y) a simplicial 
decomposition if the clique sums at all nodes of T are simplicial. We call a 
simplicial decomposition complete if its atoms can not be decomposed any 
further. Simplicial decompositions are much easier to handle than clique 
sum decompositions. Tarjan [79] showed that a separating clique of a graph 
can be found in quadratic time. This implies that a complete simplicial 
decomposition of a graph can be found in cubic time. 

Observe that if a graph G has a clique sum decomposition over A, then 
some supergraph G’ D G with the same vertex set has a simplicial decom- 
position over A. As A is closed under taking subgraphs, we may actually 
assume that this simplicial decomposition is complete. 

To compute a clique sum decomposition of a graph G over A, we proceed 
as follows: We add a maximal set of edges to G so that the resulting graph G’ 
is still in the class D(A). We can do this in time O(n), testing membership 
in the minor-closed class D(A) in cubic time for every potential edge. Then 
we compute a complete simplicial decomposition of the graph G’. This also 
gives us a clique sum decomposition of G. Q.E.D. 


6 First-order logic on graph classes with excluded 
minors 


Let C be a class of graphs with excluded minors. Our goal is to design an fpt 
algorithm for the first-order model checking problem on C. Recall that by 
Theorem 5.10, the graphs in C are decomposable into graphs that “almost” 
have locally bounded branch width, where almost means after removing a 
bounded number of vertices. We know how to deal with graphs of locally 
bounded branch width, and it is not hard to extend this to graphs of almost 
locally bounded branch width. Moreover, we know how to deal with tree 
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structured graphs. By combining these things, so it seems, it should not be 
too hard to obtain the desired result. This is true, but there are technical 
difficulties to overcome. 

We say that a tuple v of vertices of a graph G induces a clique in G 
if G|{v}] is a complete graph. We write G = G’ @5 H to denote that 
G is a clique sum of graphs G’ and H with V(G’) O V(A) = {0}. For 
tuples U,,...,Um of vertices in G” and graphs Ay,...,Hm, we may write 
G’ z, Hi G5, ... Do, Hm; the order of the summation of the H;s does 
not matter. In the following, types are always first-order types, and we 
write tp instead of tp¥°. Let me remark that of the two lemmas below that 
are concerned with computing types, Lemma 6.1 also holds for MSO-types 
instead of FO-types, whereas the Lemma 6.2 only holds for FO-types. 

To see that the parameterized problems in Lemmas 6.1 and 6.2 are 
well-defined, suppose that we have labelled graphs G, G’, H,,...,Hm and 
tuples v,...,Um of vertices of G’ such that G = G’ Bz, Hi as - -Bon Hm. 
Then it follows from Lemma 2.3 that tp,(G, Uo) only depends on the types 
tp, (M1, 01),---,tpg(Hm, Üm) and not on the actual graphs H;. That is, for 
all graphs H{,...,H;, with V(G' O H;) = {v;} and tp, (Hj, i) = tp,( Hi, vi) 
it holds that 


tp,(G" Dı H; | a | Üm H!) — tp,(G, vo). 


Lemma 6.1. The following problem is fixed parameter tractable: 


Instance. A labelled graph G” of branch width k, tuples 0; € 
V(G’)™ for i € [0,m] that induce cliques in G’, and 
g-types O1,..., Om 

Parameter. q 


Problem. Compute the type tp,(G,vo) for all graphs G = 
G’ @5, Mi Ga, -.. Do, Hm, where the H; are graphs 
with tp,(Hi, 0;) = O; for all ¿ € [m] 


Proof sketch. The proof is similar to the second proof of Courcelle’s The- 
orem: We take a branch decomposition of G’. Starting at the leaves, we 
compute the types of the boundaries of all nodes. To accomodate for the 
graphs H;, we label some of the leaves of the branch decomposition with the 
cliques v;, for i € [m], instead of edges of G’. The type that is passed from 
such a leaf to its parent in the computation is 0;. In order to obtain the 
type tp,(G, Uo) and not just tp,(G, ()) (the type of the empty tuple) at the 
root, at each node t of the decomposition we compute the type of a tuple 
consisting of the vertices in the boundary (t) together with all vertices 
of the subgraph G’[3(t)] that appear in the tuple ūọ (instead of just the 
vertices in 0(t)). Q.E.D. 
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Lemma 6.2. For all A, u, the following problem is fixed-parameter trac- 
table: 


Instance. A labelled graph G’ € La u, tuples 0; € V(G’)* 
for i € [0, m] that induce cliques in G’, and q-types 
O1... , Om 

Parameter. q 


Problem. Compute the type tp¿(G,Uo) for all graphs G = 
G' @5, Hi Ga, --. Do, Hm, where the H; are graphs 
with tp,(Hi, 0;) = O; for all ¿ € [m] 


Proof sketch. We prove the statement by induction on u. For u = 0, that is, 
graphs in £), it can be proved similarly to Theorem 4.9 (using Lemma 6.1 
locally). 

So let u > 0. Suppose we are given an instance of the problem. We ob- 
serve that the graph G” contains a vertex w such that G’\{w} € £y,-1. As 
£y,.—1 is minor-closed and hence decidable in cubic time by Corollary 5.12, 
we can find such a vertex in time O(n*). We define a new labelled graph G* 
by deleting the vertex w and labelling all vertices adjacent to w in G’ witha 
new label P. We then translate every formula w of quantifier rank at most q 
into a formula ~* such that G = (to) <= G* H yY* (vo). As G* € Ly yi, 
we can apply the induction hypothesis to check if G* = %*(ðo), and this 
way we can compute the type of vo in G. Q.E.D. 


Theorem 6.3 (Flum-Grohe, [38]). For every class C of graphs with an 
excluded minor, the problem p-MC(FO,C) is fixed-parameter tractable. 


Proof sketch. Let G € C and y € FO, say, of quantifier rank q. Let A, u > 0 
such that C C D(£),,,). Using Lemma 5.13, we compute a clique sum 
decomposition (T, y) of G over Ly. 

Now the obvious idea is to compute the q-types of the “boundary tuples” 
for the parts y(t) in the decomposition in a bottom-up fashion, similarly to 
the second proof of Courcelle’s Theorem. Unfortunately, this simple idea 
does not work, because a clique sum decomposition is not as well-behaved 
as a branch decomposition, and the boundaries of the parts may have un- 
bounded size. It may even happen that an atom of the decomposition 
(corresponding to a leaf of the tree) intersects all other atoms. Figure 6.1 
illustrates this. 

Observe that a graph in £),, cannot contain a clique with more than 
k = [(3/2)- A+] vertices. Hence for all nodes t of T with children ty, t2, 
we must have V(7(t1) N y(t2)) < k, because V(¥(t1) O y(t2)) is a clique in 
the y(t;), and this clique will appear in some atom of the decomposition. 
Let us fix some order of the vertices of G. For every inner node t with 
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G’'eMe...@Mmel 


FIGURE 6.1. The left hand side shows a graph and the right hand side a 
clique sum decomposition of this graph where the atom G” intersects four 
other atoms and the atom Hə intersects two other atoms 


children t1, t2, we let G be the ordered tuple that contains the elements of 
V(t) A (t2). 

Our algorithm proceeds recursively, that is, “top-down” , instead of “bot- 
tom up” as the algorithm in the proof of Courcelle’s Theorem, to compute 
the types of the tuples ¢. Let us start at the root r of T. Our goal is to 
compute the q-type of the empty tuple in Œ. Suppose that the clique sum 
at r is G = G1 @ G2. We now want to compute the q-type of the tuple ¢, 
in both Gı and G2; from that we easily get the q-type of the empty tuple 
in G using Lemma 2.3. So let us continue by computing the q-type of ĉc, 
in G1. Suppose the children of tı are tı; and tig. Let ¢; = C. Now we 
have a problem: To determine the q-type of ¢, in G1, it does not suffice 
to compute the q-types of ¢, in Gj, and G12, because ¢, and ¢, may be 
disjoint tuples. It seems that we have to compute the q-type of the longer 
tuple ĉĉ, in both graphs. But clearly we cannot afford the tuples to get 
longer at every recursion level. Now recall that {c} is a clique in G1. Hence 
it is either contained in {21} = V(Gi1) NV (Giz), in which case we have no 
problem anyway, or it is contained in precisely one of the two graphs G11, 
G2. Suppose ¢, is contained in G12. Then we first compute the q-type 
© of the tuple ¢, in G11. Now we have to compute the type of ¢, in the 
graph Gi = Gi, ® Gig. That is, we are in the situation where we have to 
compute the type of a tuple v of vertices of a graph G” in a graph G’ y H 
for some (and hence all) graph(s) H with tp,(H, v) = ©. Furthermore, we 
know that v, v induce cliques in G”. The general problem we have to solve 
recursively at all nodes of the decomposition tree is the following: 


Compute the q-type of a tuple Uo of vertices of a graph G” in a graph 
G' Da, Hı Ge. ... Dom Hm for some (and hence all) graph(s) H; with 
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tp, (Hi, či) = ©;. Here all the tuples v; have length at most k, and 
they induce cliques in G”. 


At the leaves we can use Lemma 6.2 to do this. At the inner nodes, we 
proceed as described for the node tı above. Q.E.D. 


The proof of the theorem actually shows that for all classes C with ex- 
cluded minors, p-MC(FO,C) has an fpt algorithm with exponent at most 5. 
Hence, the exponent is independent of the class C. Thus we have “almost” 
proved that there is an fpt algorithm for the model checking problem pa- 
rameterized both by formula size and the size of the excluded minor. With 
considerable additional effort, we can get rid of the “almost” in this state- 
ment. Let me explain where the difficulties are and, in very general terms, 
how they are resolved. 

Let us first make the statement precise. We define a new graph invariant 
excluded minor order (emo) by letting 


emo(G) = min{|H| | H 4 G} 


for every graph G. Note that emo(G) = min{n | Kn 4 G} and that a class 
C excludes a minor if and only if it has bounded excluded minor order. Our 
goal is to prove that the following problem is fixed-parameter tractable: 


p-MC(FO, emo) 
Instance. A graph G and a sentence y € FO 


Parameter. |p| + emo(G) 
Problem. Decide if GE y 


We have already proved that for every k there is an fpt algorithm A, 
with exponent 5 for the first-order model checking problem on the class 
of all graphs of excluded minor order at most k. The problem is that the 
family A, of algorithms is nonuniform, that is, we have a different algorithm 
for every k. To prove that p-MC(FO, emo) is fixed-parameter tractable, we 
need a uniform family Ax, or equivalently, a single algorithm A that takes k 
as an additional input. The family of algorithms we construct in the proof is 
nonuniform because we use Corollary 5.12 to get decision algorithms for the 
minor-closed classes £), (in the proof of Lemma 6.2) and D(L),,,) (in the 
proof of Lemma 5.13) for parameters A, u that depend on the excluded minor 
order of the input graph. If we could compute finite families of excluded 
minors characterising the classes £),,, and D(L),,,) from the parameters 
A, 4, then we would be fine, but we currently do not know how to do this. 
Fortunately, there is an alternative approach that avoids Corollary 5.12 
entirely. The application of Corollary 5.12 in the proof of Lemma 5.13 
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yielded an algorithm for computing a clique sum decomposition of a graph 
over D(L),,,). While we do not know how to compute such a decomposition 
uniformly in À and yp, in [18] we found a way to compute, uniformly in A, 4, 
a decomposition that is a sufficiently good approximation of the desired 
clique sum decomposition. The algorithm recursively splits the input graph 
along small separators that are sufficiently “balanced”. The application of 
Corollary 5.12 in the proof of Lemma 6.2 was needed to find a set of at 
most u vertices in a graph in £),,, whose removal left a graph in £). In 
[18], we found an fpt algorithm that, given a graph G € £L),,, computes a 
set W C V(G) of at most p vertices such that G\ W E€ Ly for some A’ that 
is effectively bounded in terms of A. This is good enough for our purposes. 
Putting everything together, we obtain the following result: 


Theorem 6.4 (Dawar-Grohe-Kreutzer, [18]). p-MC(FO, emo) is fixed-pa- 
rameter tractable. 


We say that a class locally excludes a minor if it has locally bounded 
excluded minor order. Then combining Theorems 6.4 and 4.9, we get: 


Corollary 6.5 (Dawar-Grohe-Kreutzer, [18]). For every class C locally ex- 
cluding a minor, the problem p-MC(FO,C) is fixed-parameter tractable. 


7 Other logics and other problems 


In this section, we briefly discuss some extensions of the main results men- 
tioned in this survey to more powerful logics, and also to variants of the 
basic model checking problem. 


7.1 Other logics 


It is really not much that is known about algorithmic meta theorems for 
logics other than first-order and monadic second-order logic. Courcelle’s 
Theorem and its variant for graphs of bounded rank width can be extended 
to the extension of monadic second order logic by modulo counting quan- 
tifiers [10, 12] (also see [58]), and clearly not to full binary second order 
logic. 

As for the results for first-order logic, let us consider potential exten- 
sions of the model-checking results to monadic transitive closure logic and 
monadic least fixed-point logic. Both transitive closure logic and least fixed- 
point logic have been extensively studied in finite model theory [31, 56]. 
Their monadic fragments are strictly contained in monadic second-order 
logic, and they strictly contain first-order logic. (When we say that a logic 
contains another logic, we mean semantic containment, that is, Ly contains 
Lg if every formula of Lə is logically equivalent to a formula of Lı. We say 
that Lı strictly contains Lə it Lı contains Lz, but Lə does not contain L1.) 
Monadic transitive closure logic and monadic least fixed-point logic seem to 
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mark the boundary of the range of logics to which the tractability results 
for first-order model checking can be extended. 

Monadic transitive closure logic TC! is the extension of first-order logic 
by formulas of the form [TCz,,y](z,y), where y is a formula with free 
variables among {x,y}. The free variables of the formula [TCz,,y](z, y) are 
x and y. It is allowed to nest TC-operators arbitrarily and interleave them 
with first-order quantifiers and connectives. However, we do not allow any 
other free variables than x and y in the formula ¢ in [TCz,,y|(z,y). The 
semantics is defined as follows: If G is a (labelled) graph and v,w € V(G), 
then G H [TCz,y](v,w) if and only if there is an m > 1 and vertices 
U1,---;Um E V(G) such that v = v1,w = vm, and GE (vi, vi41) for all 
i€|[m-— 1]. 


Example 7.1. The following TC!-sentence states that a graph is con- 
nected: 
VaVy[TCeyE(2, y)] (x, y). 


It is known that there is no sentence of first-order logic defining connectivity 
(see, e.g., [31, 32, 56]). 


Example 7.2. The following TC!-sentence states that a graph has no cyclic 
walk of odd length and hence is bipartite 


“aay ( [TCpgae( Ba, z) A E(z, y))] (x,y) A Ely, x)). 


Again, it is known that there is no sentence of first-order logic defining 
bipartiteness. 


The logic TC’ trivially contains FO, and it is strictly contained in MSO. 
As opposed to MSO, its data complexity is still in polynomial time (actually, 
in nondeterministic logarithmic space). 


Theorem 7.3. Let C be a class of graphs that contains all planar graphs 
of degree at most 3. Then p-MC(TC',C) is hard for the parameterized 
complexity class AW[x]. 


Proof sketch. We reduce the model checking problem for first-order logic on 
arbitrary graphs, which is known to be AW[x|-complete (by Theorem 2.12), 
to p-MC(TC’,C). Let G be a graph and y a first-order sentence. 

We start with constructing a drawing of G in the plane, which of course 
may involve edge crossings. We can find a drawing with at most polyno- 
mially many (in the number of vertices of G) crossings such that in each 
point of the plane at most 2 edges cross. We introduce five new labels 
Pi, P2,Q1, Q2, R. We define a new labelled graph G by labelling each ver- 
tex of the original graph G with Pı and replacing each edge crossing in the 
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--tł=._ S = label Qı 
Pa SE Q = label Qo 
i y ® = label R 


FIGURE 7.1. A gadget for edge crossings 


drawing of G by a little gadget, as shown in Figure 7.1. Observe that the 
edge relation of the graph G can be defined in Gi by a TC’-formula (but 
not by an FO-formula, because an edge may cross many other edges). G1 
is planar, but may have degree greater than 3. We define a graph G2 by 
replacing every vertex v of G; of degree d by a binary tree with exactly d 
leaves. With each leaf we associate one vertex w adjacent to v in G1. We 
connect the leaf of the v-tree associated with w with the leaf of the w-tree 
associated with v. Then we identify v with the root of its tree, label it P4, 
and label all other vertices of the tree P2. Then the edge relation of G is 
also definable in Gz by a TC!-formula. We can use this formula to translate 
the formula y into a TC'-formula p2 such that 


GE% Go = y2. 


Gə is a planar graph of degree at most 3, and it clearly can be computed 
from G in polynomial time. This gives us the desired reduction. Q.E.D. 


Monadic least-fixed-point logic LFP! (see, e.g., [48, 76]) is the extension 
of first-order logic by formulas of the form [LFP;,xy](x), where ¢ is a first- 
order formula such that X only occurs positively in y and y has no free 
individual variables other than x. (It may have free set variables other than 
X.) The free variables of [LFP;,xy](x) are x and all free set variables of 
p except X. To define the semantics, let y = y(x, X,Y1,..., Ym). Let 
G be a labelled graph and W1,..., Wm C V(G), v € V(G). Then G = 
[LFP, xy(2,X,Wi,...,Wm)](v) if and only if v is in the least fixed point 
of the monotone operator U + {u | GE y(u,U,Wi,...,Wm)} on V(G). 
We call a formula in LFP! restricted if for every subformula of the form 
[LFP.,x¢y]|(x), the formula y has no free set variables other than X. By 
LFP} we denote the fragment of LFP! consisting of all restricted formulas. 

The reason for requiring that a formula y in the scope of a fixed-point 
operator [LFP;,xy](x) contains no free individual variables other than x is 
that otherwise even the restricted fragment of the logic would contain TC’. 
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It can be shown that LFP* (as defined here) does not contain TC! and that, 
conversely, TC! does not contain LFP’, not even LFPY. 

I was unable to come up with convincing examples of properties of plain 
graphs that are definable in LFP} or LFP!, but not in first-order logic. 
However, this changes when we admit more general structures. For example, 
on Kripke structures, that is, labelled directed graphs with one distinguished 
element, LFP* contains the modal p-calculus. Here is another example: 


Example 7.4. We can describe monotone Boolean circuits as labelled di- 
rected acyclic graphs, and assignments to the input gates by an additional 
label. It is easy to see that there is an LFP}-formula stating that an assign- 
ment satisfies a circuit. This is not definable in first-order logic. 


As we mentioned earlier, almost all results presented in this survey ex- 
tend to arbitrary structures. In this context, the following tractability result 
is more interesting than it may seem in a purely graph theoretical context. 


Theorem 7.5. Let C be a class of graphs such that p-MC(FO, C) is fixed- 
parameter tractable. Then p-MC(LFP7}, Cj) is fixed-parameter tractable. 


Proof sketch. To evaluate a formula of the form [LFP,} xẹ](£), where y = 
p(x, X) is first-order, in a graph G, we proceed as follows: We introduce 
a new label P. Initially, we set P(G) = @. Then we repeatedly compute 
the set of all v € V(G) such that G = (v, P(G)) using an fpt algorithm 
for p-MC(FO,Cjp) and set P(G) to be the set of all these vertices. After at 
most n = |G| steps, the computation reaches a fixed point, which consists 
precisely of all v such that G — [LFPz,xy](v). Using this algorithm as a 
subroutine, we can easily model-check arbitrary sentences in LEP? Q.E.D. 


Lindell [57] proved that for the classes Dk of graphs of degree at most 
k, the problem p-MC(LFP}, D;) even has a linear time fpt algorithm. 


7.2 Generalised model checking problems 


For a formula ọ(x1,..., zk) and a graph G, by y(G) we denote the set of all 
tuples (v1,..., vz) E€ V(G)* such that GE y(u1,..., vx). For every logic L 
and class C of graphs, we may consider the following variants of the model 
checking problem p-MC(L,C): The input always consists of a graph G € C 
and a formula y € L, possibly with free variables. The parameter is |y|. The 
decision problem simply asks if y(G) is nonempty. For logics closed under 
existential quantification, this problem is equivalent to the model checking 
problem p-MC(L,C). Therefore, we shall not consider it here anymore. The 
construction problem asks for a solution v € y(G) if there exists one. The 
evaluation (or listing) problem asks for all solutions, that is, for the whole set 
(G). Finally, the counting (or enumeration) problem asks for the number 
\y(G)| of solutions. All these problems have natural applications. 
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The results on monadic second-order model checking on graphs of bound- 
ed branch width and bounded rank width (Theorems 3.3 and 3.17) can be 
extended to the corresponding construction and counting problems [3, 15, 
37, 40]. For the evaluation problem, the situation is a bit more complicated 
because the size of the answer y(G) may be much larger than the size of the 
input (n* for a graph of order n and a formula with k free variables), hence 
we cannot expect an algorithm that is fixed-parameter tractable. However, 
it has been proved that there is a linear time fpt algorithm for this problem if 
the running time is measured in terms of the input size plus the output size 
[16, 37]. Recently, it has been shown that there even is such an algorithm 
that does a linear (in terms of the input size) pre-computation and then 
produces solutions with delay bounded in terms of the parameter [4, 13]. 

Frick [40, 41] proved that the construction problem and counting prob- 
lem for many classes of graphs of locally bounded branch width, including 
planar graphs and graphs of bounded degree, has a linear fpt algorithm. 
This is a nontrivial extension of the model checking results. Even for a 
simple first-order definable counting problem like the parameterized inde- 
pendent set counting problem (“Count the number of independent sets of 
size k in a graph.” ), say, on a class of graphs of bounded degree, it is not ob- 
vious how to solve it by an fpt algorithm. For the evaluation problem, again 
there are linear time fpt algorithms if the running time is measured in terms 
of the input size plus the output size [40]. For classes of graphs of bounded 
degree, Durand and Grandjean [30] proved that there is an fpt algorithm 
for the first-order evaluation problem that does a linear pre-computation 
and then produces solutions with delay bounded in terms of the parameter. 

Finally, let us take a brief look at optimisation problems, which play a 
central role in complexity theory, but have not been studied very systemat- 
ically in the context of meta theorems. Consider a first-order formula y(X) 
that is positive in a free set variable X. Such a formula naturally describes 
a minimisation problem: Given a graph G, find a set S C V(G) of minimum 
size such that G |} (S). Many natural minimisation problems on graphs 
can be described this way. An example is the minimum dominating set prob- 
lem, which can be described by the formula dom(X) of Example 2.1. Simi- 
larly, formulas y(X) that are negative in X naturally describe maximisation 
problems. An example is the maximum independent set problem, which is 
described by the formula ind(X) = VaVy(7X (x) V =X (y) V AE(a,y)). We 
call such optimisation problems first-order definable. It was proved in [19] 
that the restriction of a first-order definable optimisation problem to a class 
of graphs with an excluded minor has a polynomial time approximation 
scheme, that is, can be approximated in polynomial time to any factor 
(1 +€), where £ > 0. 


Logic, graphs, and algorithms 413 


8 Concluding remarks and open questions 


Bounded Local Rank Width Locally Excluding a Minor 
Bounded Local . 
Branch Width Exluded Minor 


Bounded Local Branch 
Width with Excluded Minor 


Bounded Rank Width 


FIGURE 8.1. Classes of graphs with a tractable first-order model checking 
problems. Double-lined ellipses contain families of classes. Classes below the 
dashed line have a tractable monadic second-order model checking problem 


Figure 8.1 gives an overview of the classes of graphs we have studied 
in this survey. Let me conclude by mentioning a few directions for further 
research that I find particularly promising: 


8.1 Further tractable classes 


Many of the classes of graphs considered in this survey, including all classes 
excluding a minor, have bounded average degree. It may be tempting to 
conjecture that first-order model checking is tractable on all classes of graphs 
of bounded average degree, but it is easy to see that this is not the case. As 
Stephan Kreutzer observed, it is not even the case for classes of bounded 
maximum average degree, where the maximum average degree of a graph 
G is the maximum of the average degrees of all subgraphs of G. To see 
this, just observe that model-checking on a graph G can be reduced to 
model-checking on its incidence graph (i.e., the graph obtained from G by 
subdividing each edge once), and that every incidence graph has maximum 
average degree at most 4. 

Nešetřil and Ossona de Mendez [61] introduced a property of graph 
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classes that may be viewed as a refinement of maximum average degree 
and that avoids such problems. Let G be a graph. The radius of a minor 
mapping ps from a graph H to G is the minimum of the radii of the subgraphs 
G[u(v)], for v € V(H). We write H <, G if there is a minor mapping of 
radius at most r from H to G. Note that H <o G if and only if H is a 
subgraph of G. The greatest reduced average density (grad) of rank r of G 


is the number 
|E(H)| 


T-O) =m | Tran | Hs G). 


Note that Vo(G) is half the maximum average degree of G. Now a class C of 
graphs has bounded expansion if there is some function f such that V;-(G) < 
f(r) for all G € C and r > 0. Nešetřil and Ossona de Mendez observed that 
every class of graphs excluding a minor has bounded expansion. It can 
be shown that there are classes of bounded expansion that do not exclude 
a minor, not even locally. Conversely, there are classes of bounded local 
tree width and hence classes locally excluding a minor that do not have 
bounded expansion. This follows from Example 4.8 and the fact that classes 
of bounded expansion have bounded average degree. I refer the reader to 
(60, 61, 62] for an introduction to classes of bounded expansion and an 
overview of their nice algorithmic properties. 


Open Problem 8.1. Is p-MC(FO,C) fixed-parameter tractable for every 
class C of graphs of bounded expansion? 


There is no need to restrict the study of structural properties that fa- 
cilitate efficient model checking to graph theoretic properties such as those 
predominant in this survey. For example, it would also be very interest- 
ing to study the complexity of model-checking problems on finite algebraic 
structures such as groups, rings, fields, lattices, et cetera. 


Open Problem 8.2. Are p-MC(FO,C) and p-MC(MSO,C) fixed-param- 
eter tractable for the classes C of finite groups, finite abelian groups, finite 
rings, finite fields? 


8.2 Necessary conditions for tractability 


The main results presented in this survey may be viewed as giving sufficient 
conditions for classes of graphs to have tractable first-order or monadic 
second-order model checking problems. What are necessary conditions for 
tractability, and which classes have hard model checking problems? Note 
that it is not easy to come up with structural conditions for hardness, be- 
cause we can “cheat” and, for example, pad graphs that have a structure 
presumably making model checking difficult with a large number of isolated 
vertices. This makes the model checking problem “easier” just because it 
gives us more time to solve it. Thus we probably want to impose closure 
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conditions on the classes of graphs we consider, such as being closed under 
taking subgraphs. 

It follows from the Excluded Grid Theorem that for minor-closed classes 
C of graphs, p-MC(MSO,C) is fixed-parameter tractable if and only if C has 
bounded branch width. Actually, this can be slightly strengthened to classes 
closed under taking topological minors. I do not know of any results beyond 
that. To stimulate research in this direction, let me state a conjecture: 


Conjecture 8.3. Let C be a class of graphs that is closed under taking 
subgraphs. Suppose that the branch width of C is not poly-logarithmically 
bounded, that is, there is no constant c such that bw(G) < log® |G| for every 
G €C. Then p-MC(MSO,C) is not fixed parameter tractable. 


Of course, with current techniques we can only hope to prove this con- 
jecture under some complexity theoretic assumption. 

For first-order logic, I have much less intuition. Clearly, the present 
results are very far from optimal. Just as an illustration, observe that if a 
class C of graphs has a tractable first-order model checking problem, then so 
has the closure of C under complementation. (Recall that the complement 


of a graph G = (V, E) is the graph G = (v, 5) \E).) However, most of 


the classes we considered here are not closed under complementation. 


8.3 Average case analysis 


Instead of the worst case running time, it is also interesting to consider the 
average case. Here even the most basic questions are wide open. For n > 1, 
let Wn be a probability space of graphs with vertex set [|n]. We say that 
a model checking algorithm is fpt on average over WV sa if its expected 


running time on input G € Wn and y is bounded by f(|y|)-nO, for some 
computable function f. For every function p : N — [0,1] (here [0, 1] denotes 
an interval of real numbers), let G(n, p) denote the probability space of all 
graphs over |n] with edge probability p(n) (see, e.g., [2]). For a constant 
c € [0,1], we let G(n, c) = G(n, p) for the constant function p(n) = c. In [46], 
I observed that for p(n) = min{1, c/n}, where c € Rso is a constant, there 
is a model checking algorithm for first-order logic that is fpt on average over 


(G(,P)) ps1 


Open Problem 8.4. Is there a model checking algorithm for first-order 


logic that is fpt on average over (G(n,1/2)),.,? 


Let me suggest it as an exercise for the reader to design a model check- 
ing algorithm for existential first-order logic that is fpt on average over 
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8.4 Structures of bounded rank width 


Most of the results of this survey can easily be extended from classes C of 
graphs to the classes Cstr of arbitrary relational structures whose underlying 
graphs (Gaifman graphs) are in C. However, this is not true for the results 
that involve rank width. It is not at all obvious what an appropriate notion 
of rank width for arbitrary structures could look like, and I think it is a 
challenging open problem to find such a notion. 


8.5 Model checking for monadic least fixed-point logic 


Conjecture 8.5. Let C be a class of graphs such that p-MC(FO, Ci») is 
fixed-parameter tractable. Then p-MC(LFP',C),) is fixed-parameter trac- 
table. 


It will be difficult to prove this conjecture, because it is related to the 
notoriously open problem of whether the model checking problem for the 
modal p-calculus is in polynomial time. But maybe the conjecture is wrong; 
refuting it might be more feasible. 
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Abstract 


The modal p-calculus is—despite strictly subsuming many other 
temporal logics—in some respect quite limited in expressive power: it 
is equi-expressive to the bisimulation-invariant fragment of Monadic 
Second-Order Logic over words, trees, or graphs. Hence, properties 
expressible in the modal p-calculus are inherently regular. 

Motivated by specifications that reach beyond the regularity 
bound, we introduce extensions of the modal p-calculus that can de- 
fine non-regular properties. We focus on two modal fixed-point logics: 
the Modal Iteration Calculus (MIC) which uses inflationary instead of 
least fixed-point quantifiers, and Fixed-Point Logic with Chop (FLC) 
which incorporates sequential composition into the modal p-calculus. 
We compare these two different approaches to increased expressive- 
ness. In particular, we show how a common set of specifications can 
be formalised in each of them and give an overview of known results. 

The modal pi-calculus also enjoys a nice game-theoretic character- 
isation: its model checking problem is equivalent to the problem of 
solving a parity game. We also show how to characterise the model 
checking problems for MIC and FLC in this way, making use of ap- 
propriate extensions of parity games, namely stair parity and back- 
tracking games. 


1 Introduction 


Modal and temporal logics. The most commonly used specification 
logics in the theory of computer aided verification are based on proposi- 
tional modal logic augmented by temporal operators. Among those one can 
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broadly distinguish between linear and branching time logics, depending 
on how they treat the temporal development of processes. The modal u- 
calculus, £,, for short, provides a common generalization of most temporal 
logics. It is defined as the extension of basic propositional modal logic by 
rules to form the least and the greatest fixed point of definable monotone 
operators. 

L is a regular logic in the sense that it can be translated into monadic 
second order logic (MSO) and therefore can only define regular classes 
of trees and their representations as transition systems. It is even equi- 
expressive to the bisimulation-invariant fragment of MSO over trees or 
graphs [9] and can therefore be seen as the regular branching time tem- 
poral logic. 

Temporal logics such as LTL, CTL or CTL* are all embeddable into 
Lu- They can express important properties—such as reachability, safety, 
liveness, fairness, etc.—and specifications in these languages can be verified 
automatically and in many cases also efficiently in process models. How- 
ever, a number of natural properties of processes are no longer regular and 
therefore cannot be expressed in any of these logics. For instance, one can- 
not express that a specific event occurs in all possible execution traces at 
the same time [7], that every transmission is acknowledged, or that there 
are no more returns than calls. 

To express these properties in a logic, the logic needs to be able to count 
to some extent, at least to compare cardinalities, i.e. it needs to incorporate 
non-regular properties. There are various potential ways of defining logics 
with non-regular features. 

One option is to add a bisimulation preserving form of counting explic- 
itly, i.e. to consider a modal analogue to first-order plus counting. Similarly, 
one could add specific operators for the tasks at hand, an operator to com- 
pare cardinalities, for instance. In this way, logics tailored towards specific 
tasks can be obtained. 

Another possibility is to enrich the models over which a regular logic 
is interpreted with some extra information and let the operators of the 
logic make use of this. This has been done in the linear time temporal logic 
CARET for example [1]. It is interpreted in an LTL-like fashion over infinite 
words that represent runs of recursive processes, i.e. positions in these words 
are marked with call and return symbols. CARET then extends LTL by 
allowing its operators to access return positions that match the previous call 
position in the sense that in between the calls and returns form a balanced 
Dyck-language. This way, non-regularity is added into the meta-logic rather 
than the logic itself. 

A different approach is to consider general purpose logics employing 
more expressive fixed-point constructs than least fixed points of monotone 
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operators. This is the trait we follow in this paper. There are (at least) two 
ways in which the modal p-calculus can be extended in this way: one can 
relax the restriction to monotone operators or one can stick to monotone 
operators but allow fixed-point inductions of higher order. We consider 
these options and introduce two modal fixed-point logics: (1) the Modal 
Iteration Calculus (MIC) which replaces least and greatest fixed points in 
La by inflationary and deflationary ones; and (2) Fixed-Point Logic with 
Chop (FLC) which extends £,, with an operator for sequential composition. 
This necessitates a higher-order semantics. 

Non-regular properties. We illustrate these logics by a set of examples 
of non-regular properties, i.e. properties that cannot be expressed in L,,. 

The most obvious choices come from formal language theory. The first 
hurdle to take for a logic that wants to be able to express non-regular prop- 
erties is the standard example of a context-free and non-regular language, 
ie. L = {a"b” | n > 1}. Note that MIC and FLC are branching time 
logics, and hence, we shall look for formulas that are satisfied by a state 
if, and only if, it has a maximal outgoing path whose labels form a word 
in L. While this is a toy example, there are also formal languages which 
give rise to interesting program correctness properties. Let © = {a,b} and 
consider the language L consisting of all words that do not have a prefix in 
which there are more b’s than a’s. It is easily seen to be non-regular but 
context-free, and it is the formal language basis of the aforementioned prop- 
erty about calls and returns. A suitable reformulation of this language in a 
formula of MIC or FLC would show that these logics can express properties 
of recursive processes like “no process is ended unless it has been started” 
etc. Note that this is also the same as absence of underflows in FIFO or 
LIFO buffers of unbounded size. 

Non-regularity, however, need not be rooted in the theory of formal word 

languages. Branching time logics whose expressive power exceeds that of 
£,, may also be able to express properties that are unrelated to context-free 
languages. For example, the aforementioned uniform inevitability property 
— some event occurs in all executions at the same time—cannot be expressed 
by a finite tree automaton. As we shall see, it can be expressed in both MIC 
and FLC. Note that this is a generalization of the property of being bisimilar 
to a balanced tree—the globally occurring event is just a deadlock in this 
case. 
Games. Closely related to modal logics are games since model check- 
ing problems for modal logics often have game-theoretic characterizations. 
Games in this context are played by two players who push a token along 
a path through the game arena formed by some product of the underlying 
structure and the syntax tree of the formula at hand. The logic influences 
the type of winning condition. 
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Modal logic for instance induces simple reachability games, while the 
fixed-point recursion mechanism in the modal p-calculus requires games 
with winning conditions on infinite plays, namely parity games [18]. 

There is often a reverse connection between games and modal logics as 
well. Game graphs can be seen as labeled transition systems again, and it 
is reasonable to ask whether the winning regions—the parts from which one 
of the players has a winning strategy—can in turn be defined by a formula 
of that logic. This is the case for the modal p-calculus and parity games. 

As the logics considered here are proper extensions of £,,, this gives an 

intuitive explanation of why simple parity games do not suffice to charac- 
terize their model checking problems. Instead, an interesting game model 
for the logics presented here is that of stair parity games which are played 
on the configuration graph of a visibly pushdown system [15]. The name is 
due to the fact that the parity condition is not evaluated on the whole of a 
play but only on that part that looks like stairs w.r.t. the stacks involved 
in these games. We show how the model checking problems for both MIC 
and FLC can be characterized by stair parity games. 
Outline. The paper is organized as follows. Section 2 contains preliminary 
definitions about transition systems and recalls some necessary fixed-point 
theory and the modal p-calculus. In Section 3 we then introduce MIC and 
FLC formally and give examples of formulas defining non-regular properties 
in these logics. At the end of this section we compare the two logics by giving 
an overview of the known complexity and expressivity results about them. 
Section 4 then defines stair parity games and shows how to characterize 
MIC’s and FLC’s model checking problems by them. We also introduce 
backtracking games, which are non-regular games extending ordinary parity 
games in a different way. They were originally introduced as game model 
for inflationary fixed-point logics. Finally, Section 5 concludes the paper 
with some remarks about further research. 


2 Preliminaries 


Labeled transition systems. For the remainder of this paper we fix a 
finite non-empty set A of actions and P of proposition symbols. 

A labeled transition system is a structure T := (S,{—> : a € A}, L), 
where S is a finite non-empty set of states, > is a binary relation on states 
for each a € A, and L : S > 2? is a function labeling each state s with the 
set of propositions true at s. 


Fixed-point theory. Let A be a set and F : 24 — 24 be a function. F 
is called monotone if F(X) C F(Y) for all X CY CA. A fixed point of F 
is any set P C A such that F(P) = P. A least fixed point of F is a fixed 
point that is contained in any other fixed point of F. 
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It is a consequence of the Knaster-Tarski theorem [19] that every mono- 
tone function F : 24 — 24 has a least and a greatest fixed point, written 
as lfp(F) and gfp(£’), which can be defined as 


lfp(F) = (KX CA: F(X)=X} = (\{X CA: F(X) C X}, 
and 
efp(F) = {XC A: F(X) =X} = {XC A: F(X) 2 X}. 


Least fixed points of monotone operators can also be obtained inductively 
by the ordinal-indexed sequence X° of subsets of A defined as 


Reg ign MO a As: SO GSN xS 


QLK 


where « is a limit ordinal. As F is monotone, this sequence of sets is 
increasing, i.e. for all a, 8: if a < 8 then X“ C X’, and therefore reaches 
a fixed point X®, with X° := X® for the least ordinal a such that X% = 
X°+1, The fixed point X° is called the inductive fixed point of F. Again it 
follows from Knaster and Tarski’s theorem that for every monotone operator 
F : 2^ — 24, the least and the inductive fixed point coincide. 

Similarly, the greatest fixed point of a monotone operator can also be 
defined inductively by the following sequence of sets: 


KO u Acs, AKERE pe SE ME AE ee 
ack 
where, again, « is a limit ordinal. 
Least and greatest fixed points are dual to each other. For every operator 


F define the dual operator F° : X ++ (F(X°))° where X°:= A\ X. If F is 
monotone, then F? is also monotone and we have that 


Ifp(F) = (gfp(F%))° and gfp(F) = (Ifp(F%))°. 


The modal p-calculus. We briefly recall the definition of £,. Let V be 
a countable infinite set of variables. The formulas of £, are given by the 
following grammar. 


g :=q| q| X| vp) | (YAY) | laly | (ay | uX.¢ | vx. 


where q E€ P, a € A, and X € V. The semantics of £, is that of basic modal 
logic where in addition formulas X.y and v.X.y are interpreted as follows. 
On any labeled transition system 7 with state set S, an £,-formula y(X) 
with free variable X € V induces an operator F, : 25 — 2° which takes a 
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set U of states to the set [y]%,_,,. Here, we write [y]%_,y for the set of 
states from 7 at which the formula y holds under the interpretation that 
interprets the variable X by the set U. As, by definition, X occurs only 
positively in ọ, this operator is monotone. We define [uX.y]7 := Ifp(F,) 
and [vX.y]7 := gfp(F,). 


Notation 2.1. Sometimes we want to speak about transitions labeled with 
any action, and therefore use the abbreviations Oy := Vaca(a)y, and 
p := Nacalaly. We shall also use terms tt := q V ~q, ff := q A 79 
for some q € P. 


3 Non-regular logics 


In this section we introduce two extensions of the modal p-calculus by non- 
regular constructs. We first recall the Modal Iteration Calculus, introduced 
in [4] which incorporates inflationary fixed points into £,,. In Section 3.2 we 
then introduce the Fixed-Point Logic with Chop, introduced in [16], based 
on extending £, by sequential composition. To illustrate the logics and to 
help comparing them, we exhibit a set of examples and give formalizations 
for them in both logics. 


3.1 The Modal Iteration Calculus 

Informally, MIC is propositional modal logic ML, augmented with simulta- 
neous inflationary fixed points. 

3.1.1 Syntax and Semantics 


Definition 3.1. Let V be a countable infinite set of variables. The formulas 
of the Modal Iteration Calculus (MIC) are given by the following grammar. 


g ==q4|X |=| l Ve)| (eA) I [aly | (a)y | ifpx.s | dfpx.s 
where X € V, q EP, a € A, and 


Al — ir 
bec : 
Xk — QE 


is a system of rules with y; € MIC and X; € V for 1 < i < k. If S consists 
of a single rule X — y we simplify the notation and write ifpX.y instead 
of ifp X{X <— py}. 


We define Sub(y) as the set of subformulas of y as usual. In particular, 
the variables X; occurring on the left-hand side of rules in a system S as 
above count as subformulas. The semantics of the various operators are 
as in propositional modal logic with the semantics of ifp and dfp being as 
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follows. On every transition system T := (S,{—>: a € A}, L), the system 
S defines, for each ordinal a, a tuple X® = (Xf,..., Xf) of sets of states, 
via the following inflationary induction: 


X? I= DO, 
XPH = X? U led zx 
Xe 
ack 


where « is a limit ordinal. We call (X?,...,Xf) the a-th stage of the 
inflationary induction of S on T. As the stages are increasing (i.e. X¥ C X g 
for any a < ĝ), this induction reaches a fixed point (XP, ..., XZ). Now 
we put [(ifp X;: S)]7 := XS. 

The semantics of the deflationary fixed-point operator is defined analo- 
gously as the i-th component of the deflationary fixed point (XP°,..., XZ) 


obtained from the sequence XP := S, XPH! := XN [yilga and 
Xt := N Xe. 
ack 


3.1.2 Properties Expressible in MIC 

We demonstrate the Modal Iteration Calculus by some examples. It is 
immediately clear from the definition that every £,-formula is equivalent 
to a MIC-formula (by replacing every -operator by ifp and v-operator by 
dfp). We shall therefore use least fixed points as well as inflationary fixed 
points in the examples below. 


Example 3.2. Let us first consider the language {a”b” | n > 1} mentioned 
above. We model a finite word by a transition system consisting of a simple 


path whose edges are labeled by the letters in the word. For example, the 


word aabb € L is modeled by the system e+e “+e = e> o, ! 


Using this encoding of words, the language L can be defined as follows. 
The formula y := (a)tt AEF((b)tt) A WEF ((b) (a) tt) defines all words starting 
with an a, containing at least one b, and where all b’s come after all a’s, 
i.e. the language atbt. Here, EF(V) is the £, formula wR.(0 V OR) saying 
that a state satisfying ọ is reachable. Within atb* the language L can then 
be defined by the formula 


X bff vX) 
= | ifpZ.4 Y < (a)(~(a)tt A (bytt) V (a) VY 
Z e ((a)¥ A=EF((a)(0)=X)) V (=(a)Y A EF((a)(b) X)) 


1 There are two common ways of modeling a word by a transition system: labeling edges 
by letters, as we do it here, or labeling states by the corresponding letters. For MIC, 
the latter is often more convenient and helps to simplify formulas. For the logic FLC, 
which we shall consider below, the formalization used here is preferable. To unify the 
examples for MIC and FLC we prefer to use the edge labeling model for both logics. 
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We demonstrate the evaluation of the fixed points by the following two 
words w € L and we ¢ L. 
w = 12232425 wy 1243442546 


1 Xt := {5} 
X! := {4} yi ocx {3} 
Yt {2} 1 i 
Gis =: a Z = Ø 

2 X? := {4,5} 
X = {3, 4} 2 Aa, 

Z? = Ø i 


Hence, w satisfies the formula whereas wz does not. The idea is that 
at stage i of the fixed-point induction, X* contains all states from which 
a b-labeled path of length ¿i leads to a leaf. To define the induction on Y, 
let u be a state in 7 which has an incoming a-transition but only outgoing 
b-transitions, i.e. 


a b 
aie OS FO se 


Note that for words in atbt this state is unique. The state u is “in the 
middle” of the word. Then Y* contains all states from which there is a path 
to u of length i labeled by a’s. 

Finally, a state occurs in Z if at some stage i its a-successor is in Y* but 
the b-successor of u is not in X* or vice versa. Hence, the root occurs in Z 
if the labels of the path leading from the root to the leaf is not a word in 
a”b”. 


The example demonstrates a general technique of how counting can be 
implemented in MIC: we let an induction on a variable X start at a leaf 
and in each iteration proceed to a predecessor of a state already contained 
in X. At each stage i, X* contains the states of distance at most i from a 
leaf. We can then use a formula ~X A OX to define the states of distance 
exactly i from a leaf. This techniques is employed in various proofs showing 
expressibility and complexity results for MIC. We demonstrate it in the 
following example, where we define the class of transition systems bisimilar 
to a well-founded tree of finite height. Here the height of a leaf is 0 and the 
height of an inner node is the maximum height of its successors plus 1. 


Example 3.3. Let 7 := (S,{-> : a € A}, L) be a transition system and 
s € S. Then s € [wX.OX]? if, and only if, there is no infinite path emerging 
from s, i.e. (J, 8) is bisimilar to a well-founded tree—disregarding labels. 
Using a similar trick as in the previous example, we can define all nodes of 
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infinite height in a well-founded tree. For this, consider the formula 


X -0X 
yp := ifpZ.4 Y -=X 
Z — (OX AOC-Y) v off 


After a < w iterations, the stage X° contains all nodes of height < a and Y° 
contains all nodes of height < a—1. Hence, every node of finite height will at 
some point have all its successors in X but at least one successor outside of 
Y (except for the leaves which are included into Z by the disjunct Off) and 
therefore after w iterations Z contains all nodes of finite height. However, 
as X” = Y” a node r of height exactly w will never occur in Z. Hence, a 
tree has finite height if, and only if, its root satisfies wX.OX A AEF(-y). 


The next example shows how to define the class of transition systems 
bisimilar to balanced trees of finite height.? 


Example 3.4. All that remains is to define in the class of trees of finite 
height the class of balanced trees. This is done by the formula 


x X 
- | ifp Y. Z . 
Y OXX 


Again, for i > 0, the i-th stage X’ contains all states from which no path 
of length > i emerges. Hence, a state occurs in Y if it has two successors 
of different length. 


Finally, we give an example showing that the class of all transition sys- 
tems which are bisimilar to a word of finite length is MIC-definable. 


Example 3.5. We have already seen in the previous examples that we can 
axiomatize transition systems bisimilar to balanced trees of finite height. 
So all that is left to do is to give a formula that defines in such trees that 


all paths carry the same labels. This is easily expressed by the formula 
X -0X 
- | ifp Y. EF(AX AOX A (a) X) A 
Y = A | EOXADXa V (b)X) 


bE A,aAxb 


Using similar tricks we can express buffer underflow in finite words, 
i.e. the context-free language 


L := {w € {a,b} | Vu, v : w = w > Jule < Jula}. 


2 Note that all we can hope for is to define trees of finite height, as finiteness itself is 
not preserved under bisimulation and hence not definable in any modal logic. 
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Here, |u|, denotes the number of b’s in the word u and likewise for |u|,. It is 
not known, however, whether the “buffer underflow” and “bisimilarity-to- 
a-word” formulas can be amended for infinite words as well. The problem 
is that there no longer is a natural starting point for fixed-point inductions. 


3.2 Fixed-Point Logic with Chop 


We proceed by introducing a different extension of the modal p-calculus. It 
differs from MIC in that we again consider monotone inductions only, but 
the individual fixed-point stages are no longer sets of states but monotone 
functions from the complete lattice of all monotone operators over the state 
space. 


3.2.1 Syntax and Semantics 

Let P and A be as before, and V be a countable infinite set of variable 
names. Formulas of Fixed-Point Logic with Chop (FLC) over P, A and V 
are given by the following grammar. 


gp == ql-a|X|7/ (a) lla lV ye) | AY) ly) | uX.y | vX.p 


where q € P, a € A, and X € V. We shall write o for either u or v. In the 
following, we shall also omit parentheses and introduce the convention that 
“” binds stronger than the Boolean operators which, in turn, bind stronger 
than fixed-point quantifiers. 

The set of subformulas Sub(y) of an FLC formula y is defined as usual, 
for example Sub(oX.y) = {cX.y} U Sub(y), etc. Also, we assume that 
variables are quantified at most once in each formula. Hence, each y comes 
with a function fp,, which associates to each variable X in Sub(ọ) its defining 
fixed-point formula oX.w. 

FLC extends the modal p-calculus £, with the sequential composition 
(“chop”) operator -;-. Remember that variables in £, formulas can only 
occur in rightmost positions within Boolean formulas, possibly prefixed by 
modal operators. This gives an intuitive explanation of the fact that the 
expressive power of L, is restricted to regular languages of infinite words 
or trees—formulas of £,, resemble (alternating) right-linear grammars with 
modal operators as terminal symbols. 

Variables in FLC formulas, however, can also be suffixed with modal 
operators through the use of sequential composition, e.g. (a); X; (b). Since 
this is supposed to generalize the restricted composition of modal operators 
with formulas on the right, there is no need to include formulas of the form 
(a)y in FLC. Instead, this is supposed to be simulated by (a); p, and this 
is why modal operators are chosen as atomic formulas in FLC. 

The semantics of the modal p-calculus cannot simply be extended by 
clauses for the additional operators in FLC, in particular not for sequential 
composition. Remember that the semantics of £L, assigns to each formula 
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and environment interpreting its free variables a set of states of the under- 
lying LTS. In other words, the semantics of a £L, formula is a predicate. 

In order to interpret sequential composition naturally, the semantics of 
FLC lifts the £, semantics to the space of monotone functions of type 
25 — 2°, where S is the state space of an LTS. Hence, FLC formulas get 
interpreted by predicate transformers. This allows sequential composition 
to be interpreted naturally using function composition. 

Let T = (S,{-+: a € A}, L) be an LTS, and 


282S :— ff 29% 42 | VS TCS: if Sc PT then f(S) Cc f(T} 


be the set of all monotone predicate transformers over 7. This can be 
ordered partially by the well-known pointwise order 


fEg if YTCS: f(T) Co) 


In fact, (25 — 25, C) forms a complete lattice with top and bottom elements 
T = AT.S, L = AT.©, as well as meets and joins [], |]. The following is 
easily verified. Let f; € 25 — 2°, i € I for some set of indices J. Then 


ese BE ee he = AT. JAT) 


wel ie. icl icl 


are monotone too, and form the infimum, resp. supremum of { f; |i € I} in 
25 5 28. 

This function space will now act as the domain of interpretation for 
FLC formulas. A formula y(X) with a free variable X gives rise to a 
second-order function Fp : (2° 29) QF 25) which is monotone 
itself w.r.t. the partial order E. According to the Knaster-Tarski Theorem, 
least and greatest fixed points of such second-order functions exist uniquely 
in 2° — 2° and can be used to give meaning to formulas with fixed-point 
quantifiers just as it is done in the modal p-calculus and first-order functions. 

Let p : V — (25 - 2°) be an environment interpreting (free) variables 
by monotone predicate transformers. As usual, we write p[X > f] to 
denote the environment that maps X to f and agrees with p on all other 
arguments. The semantics of an FLC formula w.r.t. an underlying LTS and 
the environment p is defined inductively as follows. 


lq a = AT.{sES|qe L(s)} 
[q A = AT{sES|q¢ L(s)} 
[XI = AX) 

[7]? AT.T 

3 


= AT {sE S|ItE sS, st. st andteT} 
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[le] A = AT{sES|VWtES: ifs—t then t € T} 
evel, = [els u lel 
payla = keli nh, 
kyl = ATI (T) 
uXol? = [KA E2 = 2 l lx ES} 
vX = [HE2 = 25] fC klixon} 


Thus, the operators of FLC are simply translated into related operators on 
the lattice structure of the function space 2° >> 2° with r being the identity 
function as the neutral element of the sequential composition operator. 

Since FLC is supposed to be a program logic, it is necessary to explain 
when a single state satisfies a (closed) formula of FLC. Note that in the 
case of the modal p-calculus this is simply done using the element relation 
on the semantics of the formula. This is clearly not possible if the semantics 
is a function. The usual models-relation is therefore—by arbitrary choice— 
defined as follows. Let 7 be an LTS with state set S and s € S. 


T,s =p iff se [vl]? (S) 


This gives rise to two different equivalence relations in FLC: two formulas 
y and w are strongly equivalent if they have the same semantics. 


p= iff forall LTS T and all p: V > (25 28): fp]? = y]? 


On the other hand, they are weakly equivalent if they are satisfied by the 
same set of states in any LTS. 


yxw iff for all LTS T with state set S and all p: V > (2° > 2°): 
[lz (S) = Ivl; (S) 


Clearly, strong equivalence is at least as strong as weak equivalence: =C2— 
two functions that agree on all arguments certainly agree on a particular 
one. Here we are mainly interested in weak equivalence because it formalizes 
“expressing the same property”, and it is therefore the right notion for 
comparing FLC to other logics like MIC w.r.t. expressive power. 


3.2.2 Properties Expressible in FLC 
In the following we want to exemplify the use of FLC by formalizing a few 
non-regular properties. 


Example 3.6. Consider the language L = {a"b" | n > 1} again. It is 
generated by the context-free grammar with productions 


S — ab|aSb 
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FLC can express the property “there is a maximal path whose label forms 
a word in L”. 


(uX.(a); (b) V (a); X; (b)); O; ff 


Notice the apparent similarity to the grammar above. 
To illustrate the semantics of FLC formulas, we give the first few stages 
X’ of the fixed-point iteration for the subformula uX.(a); (b) V (a); X; (b). 


X? := M.S 
Xt = ATKAL Y Ko T) = AT-[(@)] EOT) 
X? = ATKAL Y (a) ] X T) 

= _ATKYLKHIT) Y KALKA DIKT) 


In general, X° is the function taking any set T to the set of states from which 
there is a path to a state in T under any of the words {ab, aabb, ..., atb}. 
Hence, |(uX.(a); (b) V (a); X; (b)); O; f£] takes any set T to the set of nodes 
from which a node without successors can be reached by some a”b”-path. 


Example 3.7. FLC can, like MIC, axiomatize the tree of height (at least) w 
upto bisimulation. Again, we first say that there is no infinite path utilizing 
the £,, formula uX.0X. 


Pin = pX.0O;X 


Then we need to say that there are paths of unbounded length. 
Punb t= (VX.TAX;O); tt 


Note that, by unfolding, this is equivalent to Apen ©”; tt. 
The following then expresses that a transition system is bisimilar to a 
tree of height exactly w. 


Pfin A Punb A Punb 


where the latter is supposed to express the complement of the respective 
unboundedness property. It can be obtained straight-forwardly as unb := 
(uX.7 V X; 0); ff. 


Recall that MIC can express bisimilarity to a finite word but possibly 
not to an infinite one. In FLC it does not seem to be possible to express 
either of these, and the problem is not to do with (in-)finiteness. For FLC 
the difficulty is to speak about two different paths. Note that an LTS T 
with starting state s is not bisimilar to any linear model if, and only if, 
there are two different actions a and b and a natural number n > 0, s.t. 


T,s FO... O(a) tt ^Q... O(b)tt 
—— —— 


ntimes ntimes 
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The model checking games for FLC presented below will give an idea of 
why the existence of such an n cannot be expressed in FLC. Essentially, 
non-bisimilarity could be decided using two stacks of formulas which would 
be used by one player to build the two conjuncts while the other player then 
decides which formula to prove in a given model. The FLC model checking 
games, however, only provide a single stack. 


Example 3.8. Consider the related but simpler property of bisimilarity to 
a balanced tree. While non-bisimilarity to a word can be characterized in 
meta-logic using quantification over three different sorts—there are actions 
a and b and a natural number n, s.t. there are paths of length n ending in a, 
resp. b—describing that an LTS looks like a balanced tree only needs two: 
there are n,m € N s.t. n < m and two paths, one of which is maximal and 
has length n, the other has length m. 


Take the FLC formula 


(uX.7 VX; (O; tt A )); : ff 


Now note that for any FLC formula y we have tt;y = tt. Let ® := 
UX.T V X;(O; tt AO). Unfolding the formula above and rewriting it using 
some basic equalities yields: 


® 


;Off = (T V ; (Ott A )); ff 
= Off V ®;(Ott AO; Off) 

= Off V(r VO; (Ott AD)); (Ott A ODF) 

= Off V (Ott A OOFf) V @; (Ott A OOtt A ff) 


The i-th unfolding of this formula asserts that there is a path of length i, all 
paths of length less than 2 can be extended by at least one state, but there 
is no path of length i + 1. Hence, the union over all these approximations 
defines exactly the class of all balanced trees of finite height. 


There is a straight-forward translation ®;.) : CFG — FLC which assigns 
to each context-free grammar G an FLC formula ®,q s.t. 


T,s @q) iff thereisate S anda w eE L(G) s.t. st 


where L(G) denotes, as usual, the context-free language generated by G. ®g 
simply is the uniform translation of G which replaces nonterminals in the 
grammars with pu-quantified FLC variables, concatenation with sequential 
composition, and alternatives between rules with disjunctions [13]. 
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However, there is no translation ®,) : CFG — FLC s.t. for all LTS 7 
with state set S and all s € S we have 


T,s |= Oc) iff for allt €S and all w € A*: if s—>¢ then w € L(G) 


Such a translation would contradict the decidability of FLC’s model check- 
ing problem by a simple reduction from the universality problem for context- 
free languages. 


Example 3.9. Finally, we consider the property of not doing more returns 
than calls, i.e. we want to specify a tree (or transition system) in which all 
paths, including non-maximal ones, are labeled by a word from the language 
L= {w € {a,b}* | Vu < w : |ulp < |ula} where < denotes the prefix relation 
on words, and |v|, stands for the number of occurrences of the letter a in v. 
This language is context-free, and for example generated by the grammar 
G as given by 
S — aTS |e T — bļ|aTT]|e 


The specification would be completed if there was a translation ®,.; as men- 
tioned above. Even though this cannot exist, the desired property can still 
be specified in FLC. Note that the language L(G) of all non-underflowing 
buffer runs is deterministic context-free, and its complement is generated by 
the grammar G” defined as 


S — bU | aTbU U — e|aU|bU T — b|aTT 


This can then be transformed into the FLC formula ®;g) and consecutively 
be complemented to obtain 


p := [b]; t A [a]; (VT [b] A [a]; T; T); [b]; f£ 
which expresses lack of buffer underflows on all runs. 


3.3 Complexity and expressive power 


First of all, it is not hard to see that both MIC and FLC are genuine 
extensions of the modal -calculus w.r.t. expressive power. 


Proposition 3.10 (Dawar-Gradel-Kreutzer-Miiller-Olm, [4, 16]). £, < 
MIC, £, < FLC. 


It is obvious that any £,,-formula is equivalent to a formula in MIC— 
simply replace -operators by ifp- and v- by dfp-operators. Furthermore, 
Lp translates into FLC almost as easily: simply replace every (a)y by (a); y, 
and every [aly by |[a];y. The strictness of both inclusions immediately 
follows from the previous examples showing how to express certain non- 
regular properties in these logics. Related to this is also the loss of the 
finite model property compared to £,,, as already shown in Ex. 3.3 and 3.7. 
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Proposition 3.11 (Dawar-Gradel-Kreutzer-Miiller-Olm, [4, 16]). Both 
MIC and FLC do not have the finite model property. 


The tree model property, however, can be proved by embedding MIC 
and FLC into infinitary modal logic. This is particularly simple for MIC 
where it only requires fixed-point elimination. 

For every FLC formula y we obtain a formula y’ of infinitary modal 
logic such that y ~ y’ by eliminating fixed points first, then followed by the 
elimination of sequential composition and the formula 7. This is possible 
because y % y; tt, and can easily be done by successively pushing sequential 
composition inwards from the right. 


Proposition 3.12 (Dawar-Gradel-Kreutzer-Lange-Stirling, [4, 14]). Both 
MIC and FLC are invariant under bisimulation and, hence, have the tree- 
model property. 


Not much is known about the expressive power of each of these log- 
ics relative to other formalisms like Predicate Logic, or—when restricted 
to word models—formal grammars and automata. For MIC, it is known 
that it is not the bisimulation-invariant fragment of monadic inflationary 
fixed-point logic, which would have been the natural candidate as L,, is 
the bisimulation-invariant fragment of monadic least fixed-point logic. As 
to grammars and automata, FLC is slightly easier to compare in this re- 
spect because of the similarity between formulas and context-free gram- 
mars. Also, the characterisation of least and greatest fixed points by the 
Knaster-Tarski Theorem gives a straight-forward embedding of FLC into 
Third-Order Logic. To gain a good intuition about the expressive power of 
temporal logics, however, it is often useful to consider word or well-founded 
models. 


Proposition 3.13 (Dawar-Gradel-Kreutzer-Lange, [4, 10]). When inter- 
preted over word models only, 


i) there is a language that is not context-free but definable in MIC. 
ii) FLC is equi-expressive to alternating context-free languages.’ 
iii) every language in DTIME(O(n)) is definable in MIC. 


3 These are generated by alternating context-free grammars which enrich ordinary 
context-free grammars by two types of non-terminals: existential and universal ones. 
While the generation of sentential forms and, thus, words for existential non-terminals 
is the usual one, universal non-terminals derive a sentential form only if all (rather 
than any) of their productions derive it. There are various ways of defining a precise 
semantics that captures this idea. Alternating Context-Free Grammars as defined by 
the second author [10] are in fact the same as Conjunctive Grammars by Okhotin [17]. 
There are also presumably non-equivalent models like the grammars by Moriya [8]. 
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iv) every language definable in MIC or FLC is in DSPACE(O(n)), i.e. 
deterministic context-sensitive. 


As usual, great expressive power also comes at a price. One can show 
that arithmetic is expressible in MIC on trees of height w, i.e. the tree un- 
raveling of the ordinal w. For this, a natural number n € N is identified 
with the set of nodes of height at most n. Then, arithmetic on the height 
of nodes can be shown to be definable in MIC. By doing so, one can trans- 
late any first-order sentence y over the arithmetic M := (N,<,+,-) into a 
MIC-formula %* such that M — w if, and only if, %* is satisfiable. Here, 
w* enforces its models to be bisimilar to a tree of height w and encodes the 
arithmetical sentence ~ on such trees. This immediately implies undecid- 
ability. 

Satisfiability in FLC is undecidable as well. This was first shown by 
Miuller-Olm using a reduction from the simulation equivalence problem for 
context-free processes [16]. An embedding of Propositional Dynamic Logic 
of Non-Regular Programs, however, yields a quantitatively similar result as 
the one for MIC. 


Proposition 3.14 (Dawar-Gradel-Kreutzer-Lange-Somla, [4, 13]). The sat- 
isfiability problem for both MIC and FLC is undecidable. They are not even 
in the arithmetical hierarchy. 


Concerning the model checking complexity, it is easily seen that a naive 
evaluation of MIC-formulas by iteratively computing the stages of the fixed- 
point inductions leads to an algorithm that correctly checks whether a given 
MIC-formula ¢ is true in a given transition system T in time O(|T|'*!) and 
space O(|T|-|y|). It is therefore in P whenever the formula is fixed. It is, 
however, PSPACE-hard already on a fixed 1-state transition system if the 
formula is part of the input. 

FLC differs from MIC w.r.t. model checking. First of all, fixed-point 
approximations can be exponentially long in the size of the transition sys- 
tem [12]. FLC can even express problems which are hard for deterministic 
exponential time, namely Walukiewicz’s Pushdown Game problem [21]. 

An upper bound of deterministic exponential time is not immediately 
seen. Note that naive fixed-point iteration in the function space 2° > 2° 
would lead to a doubly exponential procedure. But remember that model 
checking in FLC means that the value of a function on a particular argu- 
ment, namely S, needs to be computed rather than the entire function itself. 
This observation leads—with the aid of stair parity games, see below—to a 
singly exponential model checking algorithm. 


Proposition 3.15 (Dawar-Gradel-Kreutzer-Axelsson-Lange-Somla, [3, 4, 
12]). The combined complexity of the model checking problem for 
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i) MIC is PSPACE-complete, 
it) FLC is EXPTIME-complete. 
Regarding the data complexity, we have the following result. 
iii) For every fixed formula the model checking complexity of MIC is in P. 


iv) There are fixed FLC formulas for which the model checking problem 
is EXPTIME-hard. 


Regarding the expression complexity, we have the following results. 


v) Model checking MIC on a fixed transition system is PSPACE-com- 
plete. 


PSPACE-hardness of the expression complexity is obtained by a reduc- 
tion from QBF, the problem to decide if a given quantified boolean formula 
is satisfiable. It can easily be reduced to the model checking problem of 
MIC on a trivial transition system consisting of one state only. 

The only lower bound for the expression complexity of FLC that is 
currently known is P-hardness trivially inherited from £, [6]. 

An interesting question for non-regular logics is decidability of the model 
checking problem over infinite state systems. The known results there are 
negative. 


Proposition 3.16 (Miiller-Olm-Lange-Stirling, [16, 14]). The model check- 
ing problem for FLC over the class of normed deterministic BPA processes 
is undecidable. 


The proof uses the fact that characteristic formulas for simulation (equiv- 
alence) of BPA processes can easily be constructed in FLC. It is currently 
not known whether or not MIC has a decidable model checking problem 
over the class of context-free processes. 

Finally, we can use the model checking complexity results to prove an 
inexpressibility theorem, and partially separate MIC and FLC in expressive 
power. 


Theorem 3.17. FLC £ MIC. 


Proof. Take an FLC formula y whose set of models is EXP’TIME-hard 
according to Proposition 3.15 (iv). Suppose FLC < MIC. Then there would 
be a MIC formula y’ with the same set of models. However, according to 
Proposition 3.15 (iii), this set would also have to be in P, and we would 
have P = EXPTIME which is not the case. Q.E.D. 
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It is not yet known whether every MIC-definable property is also FLC 
definable or whether the two logics are incomparable w.r.t. expressive power. 
We suspect that the latter is the case. The difficulty in establishing this as 
a theorem though is the lack of machinery for showing inexpressibility in 
FLC. 


4 Non-regular games 


There are many ways of extending ordinary parity games. One option, 
which we shall consider first, is to introduce the concept of stacks to the 
games. Formally, these games are played on configuration graphs of push- 
down processes. In this approach we increase the modeling power of the 
game arenas while keeping the traditional way of playing games, i.e. the 
two players push a token along paths in the game arena and the priorities 
of this path determine the winner. 

A different approach is to stick to standard parity game arenas but 
change the way the games are played. This approach is taken in the concept 
of backtracking games, where a play no longer is a path through the arena 
but defines a complex subgraph. 


4.1 Stair parity games 


A pushdown alphabet A is a tuple (Ac, Ar, Ai) consisting of three disjoint 
finite alphabets, a finite set Ae of calls, a finite set A, of returns and a finite 
set A; of internal states. 


Definition 4.1. Let A := (Ac, Ar, Ai) be a pushdown alphabet. A visibly 
pushdown system (VPS) over (Ac, Ar, Ai) is a tuple B = (Q,A,T, ô) where 
Q is a finite set of states, and T is a finite stack alphabet. We simply write 
Tı for TU {L} assuming that T itself does not contain the special stack 
bottom symbol L. Finally, 6 = ôe U 6, U 6; is the transition relation with 


bo C Qx Ax QxT 
Or C QxAxTixQ 
ð C QxAxQ 


A transition (q,a, q', y), where a € A., means that if the system is in 
the control state q and reads an a, it can change its state to q’ and push 
the symbol y onto the stack. Similarly, upon a transition (q, a, q’, y), where 
a E€ Ar, it reads y from the top of the stack (and pops it unless y = L) 
and changes its state from q to q’. Transitions reading a € A; are internal 
transitions that do not change the stack. 

We now turn to defining stair parity games, which are parity games 
played on the configuration graph of visibly pushdown systems with a 
slightly modified winning condition. 
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Definition 4.2. A stair parity game (SPG) over a VPS B is a tuple Gg = 
(V, vo, Qa, Qv, E, Q) such that 


e V := Q xT*{_L} is the set of nodes in this game, 
e vo € V is a designated starting node, 

e Q is partitioned into Q3 and Qy, 

e ECV xV consists of edges ((q, ô), (q’, 5')) s.t. 


— there is a (q,a, q’, Y) € ĝe and 0’ = yô, or 
— there is a (q,a,7,q') € ô and 6 = 70’, or 
— there is a (g,a,q’') € 6; and 6’ = ô. 


e Q : Q — N assigns to each node a priority. 


For simplicity we assume that SPGs always are total, i.e. every node has 
an outgoing edge. A play in such a game is, as usual, an infinite sequence 
of nodes. It is played starting in vg, and continued by a choice along an 
outgoing edge of that player who owns the last visited node. Unlike the 
case of parity games, the winner is not determined by the least or greatest 
priority occurring infinitely often in a play. Instead, one only considers those 
nodes that form stairs, i.e. nodes with a stack that persists for the entire 
remainder of the play. 


Definition 4.3. Let Gg = (V, vo, Q3, Qv, E, Q) be a SPG over a VPS B, 
and let 7 = vo, U1, V2, ... be an infinite play of this game s.t. vi = (qi, ôi) for 
all ¿ € N. 

Define Steps(7) = {i € N : Vj > i |&| > |&|} where |8| denotes the 
length of the stack 5. Note that |Steps()| = co whenever 7 is infinite. 

Player 4 wins the play 7 if, and only if, max{c : there are infinitely 
many qi with i € Steps(m) and Q(q;) = c} is even. Otherwise, Player V is 
the winner of r. 


The stair parity game problem is: given a SPG (V, v0, Qa, Qv, E,Q), 
decide whether or not Player 3 has a winning strategy from node vo in 
this game. It can be shown that such games are determined, and that this 
problem is decidable. In fact, a reduction to an exponentially large ordinary 
parity game yields a moderate upper complexity bound. 


Theorem 4.4 (Loding-Madhusudhan-Serre, [15]). The stair parity game 
problem can be decided in EXPTIME. 
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sk (yo V 91); 6 


FIGURE 1. The rules of the FLC model checking games. 


4.2 A game-theoretic characterization of FLC 


Let T = (S, {> : a € A}, L) be an LTS, so € S and Ẹ be a closed FLC 
formula. The model checking game Gr(s9,®) is played between Players 3 
and Player V in order to establish whether or not T, sọ H ® holds. The set of 
configurations is C := SxSub(y) x Sub(y)*. We usually write configurations 
in the form s F y; 6 where 6 = Y1; ...; Wx acts as a stack of FLC formulas 
with its top on the left. The formula y will in this case also be called the 
principal formula of this configuration. 

The intuitive meaning of such a configuration is the following. Player 3 
wants to show that s € |y; JAG ) holds under a p which interprets the free 
variables in y; ô by suitable approximants. 

The initial configuration is sọ F ® ; tt— remember that ® = ©; tt. The 
rules of the model checking game are shown in Figure 1. 

The idea underlying these games is to defer the examination of y in a 
formula y;~ and to first consider whether or not y determines the winner 
already. This is in contrast to the Boolean binary constructs A and V in 
which both operands have equal importance. However, this is not the case 
for the sequential composition operator. A natural choice would be to let 
Player 4 provide a witness for the chop (a set of states for example) and 
then to let Player V respond by choosing either of the composed subformulas. 
This is not sound though, as the following example shows. 


Example 4.5. Let @ = vX.uY.X;Y. The exact meaning of this rather 
simple formula is not too difficult to guess. It can also be computed using 
fixed-point iteration on an imaginary model with state set S. Remember 
that T and L are the top- and bottom-elements in the function lattice 
25 > 25. At the beginning, the v-quantified X gets mapped to T, and in 
the inner fixed-point iteration, Y gets mapped to L. We use the symbol o 
to denote function composition semantically as opposed to the syntactical 
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operator “;”. 
Je 
y% := 1 
yol = X? o y = 
yo2 = Xlo y! arp = yol 
GoStay i 
dere ees uh 
Yon a Re ee Ft 
yi2 = Xioylt a raa yi 


X? := Yr? T xt 


Hence, ® = tt. Now suppose that Player V was given the opportunity 
to choose a subformula of a sequential composition. In this case he could 
enforce a play which traverses solely through the p-quantified variable Y 
only. Hence, for such games we should have to abolish the correspondence 
between infinite unfoldings of fixed points and wins for either of the players 
known from parity games. 


This example only explains why the games do a left-depth-first traversal 
through formulas w.r.t. sequential compositions. This does not mean though 
that parity winning conditions on these games provide a correct character- 
ization of FLC’s model checking problem. The next example shows that 
parity winning conditions indeed do not suffice. 


Example 4.6. Consider the two-state LTS T = ({s,t},{-%, +}, L) with 


L(s) = L(t) = Ø, and st, tt. We shall evaluate the formula ® := 
bY .(b) V (a); vX.Y;X on T. Its precise semantics can be computed using 
fixed-point iteration again. 


Yo := 1 
XV = T 
X% := Yo X% = loT = L 
X2 := Yo X% = Lol = = x 
Y` := KO] u (Ea o xX) AT.[(b)]7 (T) U [(a)]7 (2) 
[(b)]7 (T) 
Au 


XY := ylo xl = [b] oT = ATI lO)]7 (fs, t} 
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= ATÁt} 
X? = Ylox™ = KÐ] oar{} = ATOT ({4) 
= AT {ti} = X" 
Y? = [7 U (Ma) 0X) = ATO T Ua] (8) 
= AT.K] (T) U {s} 


Even though the fixed point is not found yet, we can deduce by monotonicity 
that T,s = ® holds. Note that we shall have AT.[(b)]7 (T) U {s} E [®]7 
and therefore s € [8]? ({s, t}). 

On the other hand, consider the following infinite play of Gr(s,®) which 
Player 4 can enforce. It is also not hard to see that all other plays he can 
enforce should lead to a win for Player V immediately because they end in 
a configuration in which J gets stuck with no transitions to chose. 


s F uY (b) V (aj; vX Y; X ; tt 

s F Y ; tt 

s F (b) v la); v X.Y; X ; tt 

gs oF (a);suX.Y;X ; tt 

s F (a) ; WXY; X); tt 
Gye VX.Y;X 3; tt 

be ae X ; tt 

t F Y;X 3; tt 
toe Y 3; X;tt 
t F (b) v (a); v X.Y; X ; X;tt 
t F (b) ; X;tt 
A X- ; tt 


This play reaches a loop and can therefore be played ad infinitum. Note that 
both variables X and Y occur as principle formulas in configurations on this 
loop. Hence, if these games are equipped with an ordinary parity condition 
on principle formulas then the p-quantified variable Y determines—as the 
outer one of the two— Player V to be the winner of this play. But then he 
would have a winning strategy, and the games would not be correct. 

The crucial difference between the occurrences of Y and X is that each 
Y does not stem from the unfolding of the Y above but from the unfolding 
of the inner X. Such a phenomenon does not occur in the parity model 
checking games for the modal p-calculus. 


The question that arises is how to recognize those variables that truly 
regenerate themselves when a simple comparison according to the outer- 
relation is not possible. The answer is provided by the stacks in those 
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configurations that have variables as principle formulas. Note that between 
each two occurrences of X the stack does not decrease, but between two 
occurrences of Y it does. This shows that Y got “fulfilled” and the play 
continued with a formula that was on the stack when Y was principle— 
intuitively the left-depth-first search has terminated on this branch and 
follows a branch to the right of Y. This takes us back to the notion of 
Steps(7) for a play ~ in a stair parity game. 

Take the play m above. Then Steps(z) consists of all positions whose 
stack contents persist for the rest of the game. Here they are {0, 1, 2,3,5, 6,7, 
11,...}. 


Definition 4.7. If 7 = Co,C\,... is an infinite play of Gr(so, ®) and C; = 
si F pi ; 6; then Steps(7) = {i € N : Vj > i |&| > |d;|}. Furthermore, let 
T|st denote the restriction of 7 to Steps(7), i.e. 


T|st = Cio; Ci, Cin; wae iff Steps(7) = {io, 11, 12, . } 
with i; < ij iff j <j’. 


This allows us to define the winning conditions of the FLC games in a 
way that correctly characterizes its model checking problem. 


Definition 4.8. Let T = (S,{-> : a € A},L) be an LTS, so E€ S, a 
closed FLC formula and 7 = Co,Ci,... be a play of Gr(so,®) with C; = 
si F Yi; 6; for alli € N. Player 3 wins ~ if, and only if, 


1. ~x is finite and ends in some Cp with 
a) Cn = 8, q; dand q E L(s), 
b) Ch = Sn 7q; ô and q ¢ L(s), 
c) Cn = Sn F [a] ; 6 and there is not € S s.t. s = t; 


2. m is infinite and the outermost variable occurring infinitely often as a 
principle formula in 7|s is of type v. 


Player V wins ~ if, and only if, 
1. v is finite and ends in some Cp with 


a) Cn = Sn q; ô and q ¢ L(s), 
b) Cn = sn F ~q; 6 and q E L(s), 
c) Cn = Sn F (a); 6 and there is no t € S s.t. st; 


2. m is infinite and the outermost variable occurring infinitely often as a 
principle formula in |, is of type p. 
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It is then possible to show that each play has a unique winner, that the 
games are determined, etc. 


Theorem 4.9 (Lange, [11]). Player 3 has a winning strategy for the game 
Gr(s,®) if, and only if, T,s H ®. 


As a consequence we obtain an upper bound on the complexity of FLC’s 
model checking problem. 


Corollary 4.10. The model checking problem for FLC can be decided in 
EXPTIME. 


Proof. Let T = (S,{—> : a € A}, L) be an LTS and yọ € FLC. They 
induce a VPS B7 yo = (Q, A’, T’, ô) with 


2 Q =Sx Sub(¥o), 
e A’ = {chop}, Ai = {tau, mod}, A; = {disj, conj, unf}, 
e T =Sub(yo), 


e ô simply translates the rules of Figure 1 into a transition relation 


= õe := {((s, p; Y), chop, (s, 9), 0) : s E S, p; Y € Sub(yo) f; 


— ô := {((s, T), tau, p, (s, 9)) : s € S, p € Sub(yo) }U{((s, Y), mod, 
P, (t, p)) : yY € {(a), [a]},sSt,y € Sub(yo) }; 

— ĝi := {((s, p1 V p2), disj, (5, %;)) : s E S, p1 V p2 E Sub(yo), j € 
{1, 2}}U{((s, pı^p2), conj, (s, pj)) sE S, pipe € Sub(¥o), j € 
{1,2}} U {((s,o X.p), unf, (s,X)) : s E€ S,oX.p E€ Sub(yo)} U 
{((s, X), unf, (s,y)) : s € S, X € Sub(yo), fpX = o X.p} 


A stair parity game is then obtained by simply making states of the form 
(s, po V 1) choices of Player J etc., and by assigning priorities to nodes 
((s, p), 8) only depending on the principal formula ¢ s.t. all formulas other 
than variables have priority 0, u-bound, resp. v-bound variables have odd, 
resp. even priorities, and outer variables have greater priorities than inner 
ones. Correctness of this translation is given by the fact that the winning 
conditions of the FLC model checking games can easily be transferred into 
stair parity conditions by artificially prolonging finite plays ad infinitum. 
The complexity bound then follows from Theorem 4.4. Q.E.D. 


These games do not only provide a local model checking algorithm for 
FLC. They can also be used to show that the fixed-point alternation hi- 
erarchy in FLC is strict [11]. The proof proceeds along the same lines as 
Arnold’s proof for the alternation hierarchy in the modal p-calculus [2] by 
constructing hard formulas (that define the winning positions for Player 3 
in such a game) and by using Banach’s fixed-point theorem. 


448 S. Kreutzer, M. Lange 


4.3 Model-checking games for the Modal Iteration Calculus 


Stair Parity Games provide an elegant framework of model checking games 
for logics such as CARET and FLC. We give further evidence for the signif- 
icance of this concept in relation to fixed-point logics beyond the modal u- 
calculus by showing that model checking games for MIC can also be phrased 
in this context. However, the games we present here only work for finite 
transition systems. The reason for this will become clear later in the section. 

To simplify notation, we shall only explain the games for MIC-formulas 
without simultaneous inductions. Using similar ideas one can extend the 
games to cover simultaneous fixed points also. 

Suppose first that we are given a transition system J and a formula 
y := ifpX.v, where w € ML is a modal logic formula in negation normal 
form. If Player 3 wants to show that vy holds true at a node s in 7, he has 
to prove that there is a stage n € N so that s € X”. Here, choosing n out 
of the natural numbers is enough as the fixed point in a finite transition 
system is always reached after a finite number of steps. In other words, he 
chooses an n € N and then has to show that the n-fold unraveling? y” of w 
holds true at s. 

This idea is modeled in a stair parity game as follows. To choose the 
stage n € N, we give Player J the option to push as many (finitely many) 
symbols X onto the stack as he wishes. This done, the two players continue 
by playing the standard modal logic game on the ML-formula w, with the 
modification that each time the game reaches the proposition X, one symbol 
X is popped from the stack and the game continues at w again. If the stack 
is empty, then Player 4 has lost as he has failed to show that the starting 
state s satisfies Y”. However, there is one problem we need to solve. As ọ is 
a MIC formula, the fixed-point variable X may be used negatively, i.e. the 
play on w may reach a literal ~X. In this case, we again pop one symbol 
X from the stack, but then the game proceeds to the negation =y. To keep 
track of whether we are currently playing in ~ or the negation thereof, we 
rename the fixed-point variable X in ~y to X°. If the play reaches X° 
and there are no more symbols X left on the stack, then Player 4 wins. 
Otherwise, one symbol is popped and the play continues at =w again. If, 
however, a literal —X° is reached, then one symbol X is popped and the 
game proceeds back to the original formula w. 

It should be clear now that Player 3 can win this game on a formula 
y := ifpX.y and a transition system 7 with initial state s if, and only if, 
s€[y]’. 

To extend this idea to formulas containing nested fixed points, we have 


4 The n-fold unravelling Y” of w is defined as follows: w° := ff and "+! is obtained 
from ~w by replacing each occurrence of X by y”. It is easily seen that s € wI if, 
and only if, the state s occurs in stage X” of the induction on w in T. 
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to modify the game slightly. Suppose a variable Y is bound by a fixed- 
point operator dfp Y.7 inside the formula ifp X.V which binds an outer 
fixed-point variable X. When the game reaches ifp X., Player 3 pushes 
as many symbols X onto the stack as he likes. The game continues inside 
V and reaches the formula dfp Y. at which Player Y can push symbols Y 
onto the stack. Now, when the game reaches an atom X, then before we can 
regenerate the formula V and pop one symbol X from the stack, we have 
to pop all Ys first. Other than that, the rules of the game are as described 
above. 

To present this idea in more detail, let us first fix some notation. Let 
y € MIC be a formula in negation normal form and let X1,..., Xp be the 
fixed-point variables occurring in it. W.l.o.g. we assume that no fixed-point 
variable is bound twice in y. Hence, with each X; we can associate the 
unique formula v; such that X; is bound in y by fp X;.v;, where fp is 
either ifp or dfp. We also assume that the X; are numbered such that if 
i < j then ù; is not a subformula of J;. 

Let y’ be the formula obtained from ~y by first renaming every fixed- 
point variable X; in y to Xf and then bringing the formula into negation 
normal form. Let ® := Sub(y) U Sub(y’). 

Let T := (S,{—>: a € A}, L) bea finite transition system. The formula 
y and the system T induce a visibly pushdown system Br, := (Q, A’,T’, 6) 
as follows. The stack alphabet is T := {X1,..., Xx}. 

For each variable X; or Xf we use a gadget clear(X;) that pops all 
symbols X; from the stack with j > 7 until the top of the stack contains a 
symbol X; with j < i. As the gadget is deterministic, we can arbitrarily 
assign the nodes in it to either player. To simplify the presentation, we shall 
treat these gadgets as black boxes, i.e. as single nodes in the game graph. 

Now, Q contains all pairs S x ® and the nodes of the gadgets clear(X;) 
and clear(X¢) for 1 < i < k. (Recall that ® := Sub(y) U Sub(y’).) We let 
A’ := Ac U Ar U Aj where Ae := {push}, Ar := {pop}, and A; := {int}. 


de 8= { (s, ifpX.v), push, (s, ifpX.0), X) : s € S, ifpX.ð € o} 
(s, dfpX.v) Sis (s, ifpX.0), X) : s E€ S, dfpX.v € p} 
ô := {((s,clear(X;)), pop, Xi, (s,0i)) :1<i<k,seS} 
(s, clear(X£)), pop, Xi, (s, 0f)) :1<i<k,seS} 
(s, ifpX.v) fe , int, 0): : s E€ S, ifpX.V € p} 
(s, dfpX.¥), int, ( 0): sé€S,dfpx.v € p} 
(s, p1 V p2), int, - ee sES,p1V p2 E ®,i € {1,2}} 
ne oe int, (s, pi)) : s E€ S, p1 V p2 € Bi € {1,2}} 
(s, sES,tES, st, (ajy E} 


( 
( 
( 
( 
( 
( 
( 
( 
( 


{ 
{ 
{ 
{ 
u { 
{ 
{ 
{ 


int, (t,~)) : 
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U {((s, laly) int, (t, Y)): sE S,tE S, st, [alp € &} 
U {((s, Xi), int, clear(X;)) :s € S,1 <i < k} 

U {((s, XF), int, clear(Xf)) :s € S,1<i< k} 

U o „int, clear(X£)):sES,1<i<k} 

U {((s,=X$), int, clear(X;)) :s E€ S,1<i< k} 


To turn By,, into a visibly pushdown game, we need to assign prior- 
ities and the nodes where each of the players moves. Player J moves at 
disjunctions, nodes (s, (a)w), (s, ifpX;.0;), (s, Xi), (s, Xf), (s, clear(X;)), 
and nodes (s,q), q € P, if q ¢ L(s). At all other nodes Player Y moves. Fi- 
nally, nodes (s,ifpX;.0;) are assigned the priority 1 and nodes (s, dfpX;.v;) 
are assigned the priority 0. Note that the priority assignment only needs 
to ensure that no player can loop forever on a fixed-point formula fp.X;.0; 
pushing infinitely many variables onto the stack. As there are no infinite 
plays unless one of the players keeps pushing symbols onto the stack forever, 
the priorities do not influence the winner of “interesting” plays. 


Example 4.11. We illustrate the construction by an example. Let 7 be 
the system 


oy *2) 

and let ọ := ifp X.(pv ifp Y.(q ^ ©X)). The corresponding game graph is 
depicted in Figure 2, where yo := (pVifp Y.(¢AOX)), p3 := ifp Y.(qAOX), 
and y4 := q^ OX are the non-trivial sub-formulas of y. To simplify the 
presentation, we have dropped the labels int and annotated the push and 
pop labels by the variable being pushed onto the stack. Note that there are 
no popY or clear(Y) labels, as the variable Y does not occur as an atom in 
the formula. 

Clearly, Player 3 wins the game from position (1, y) by first using the 
push transition to push one variable X onto the stack and then continue 
to (1,92). In this way, the play will either terminate in (1,q) or continue 
along the node (2, X) to (2, clear(X)) and then along the pop-edge, where the 
symbol X will be popped from the stack, to (2, p), and finally to (2,p). In 
both cases Player V loses. Note, however, that Player J cannot win without 
initially pushing X onto the stack, as the play will then terminate at the 
node (2, clear(X)) with the pop-edge no longer available. This corresponds 
to the state 1 being in the stage X? but not in the stage X+. (By pushing 
X once onto the stack, Player 4 enforces the play to go through the inner 
formula y2 twice, corresponding to the stage X?.) 


The following theorem can be proved along the same lines as the corre- 
sponding proof for backtracking games in [5]. 
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push X (1.9) push X (2.9) 


ra) 
push Y eH push Y 
(1,94) (2,94) 


pop X 
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Lo PRA 


FIGURE 2. Visibly Pushdown System for Ex. 4.11. 


Theorem 4.12. For every y € MIC (without simultaneous fixed points) 
and finite transition system 7, Player 4 has a winning strategy from a node 
(s, p) in the visibly pushdown game B7, if, and only if, T, s = ọ. 


Clearly, winning regions of general visibly pushdown games are not de- 
finable in MIC (as computing them is EXPTIME-hard), presumably not 
even if we restrict attention to a fixed number of priorities. However, the 
pushdown games constructed above have a rather simple structure. They 
only have two priorities but, even more important, the push transitions are 
local, i.e. for each fixed-point operator in y there is one node which has a 
self-loop pushing a variable onto the stack. Therefore, there is hope that we 
can identify a suitable fragment of visibly pushdown games containing the 
games arising from MIC-formulas and whose winning regions can be defined 
in MIC, i.e. the winner of games from this fragment are MIC-definable in 
the same way as the winner of parity games can be defined in L,,. 

We illustrate this by considering games arising from formulas ifpX. 
where w € ML. Such a game has a starting node from which a path labeled 
by push emerges. To each node v on this path with distance n to the 
root there is a copy of the game w” attached to it, where Y” is the n-fold 
unraveling of Y% w.r.t. X. Hence, to define the winner of such games we only 
need a formula that checks whether on this push-path emerging from the 
root there is a node such that Player 3 wins the modal logic game attached 
to it. The latter is clearly MIC-definable, so the whole formula is easily seen 
to be definable in MIC. 

It is conceivable that a similar construction using nested fixed points 
works for games arising from MIC-formulas with nested fixed points. How- 
ever, a formal proof of this results is beyond the scope of this survey and is 
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left for future work. 


4.4 Backtracking games 


We now turn to a different type of non-regular games, the so-called back- 
tracking games. The motivation for backtracking games comes from proper- 
ties such as the tree is balanced as shown to be expressible in MIC and FLC. 
To verify such properties in a game-theoretical setting, the game needs to 
be able to inspect all subtrees rooted at successors of the root of a finite 
tree. However, linear games such as parity games that construct an infinite 
path through a game arena can only visit one subtree, unless we introduce 
back-edges towards the root. This motivates a game model where a play 
is no longer an infinite path but a more complex subgraph. Backtracking 
games were originally introduced as model checking games for inflationary 
fixed-point logics such as MIC and the general inflationary fixed-point logic 
IFP (see [5]). We first give an informal description. 

Backtracking games are essentially parity games with the addition that, 
under certain conditions, players can jump back to an earlier position in the 
play. This kind of move is called backtracking. 

A backtracking move from position v to an earlier position u is only 
possible if v belongs to a given set B of backtrack positions, if u and v have 
the same priority Q(v) and if no position of higher priority has occurred 
between u and v. With such a move, the player who backtracks not only 
resets the play back to u, he also commits himself to a backtracking distance 
d, which is the number of positions of priority Q(v) that have been seen 
between u and v. After this move, the play ends when d further positions of 
priority Q(v) have been seen, unless this priority is “released” by a higher 
priority. 

For finite plays we have the winning condition that a player wins if 
his opponent cannot move. For infinite plays, the winner is determined 
according to the parity condition, i.e. Player J wins a play ~ if the highest 
priority seen infinitely often in m is even, otherwise Player V wins. 


Definition 4.13. The arena G := (V,E,V3,W,B,Q) of a backtracking 
game is a directed graph (V, E), with a partition V = V3U VW into positions 
of Player 3 and positions of Player V, a subset B C V of backtrack positions 
and a map 0: V — {0,...,4 —1} that assigns to each node a priority. 


Proposition 4.14 (Dawar-Gradel-Kreutzer, [5]). The following basic prop- 
erties about backtracking games are known. 


1. Backtracking games are determined, i.e. in every backtracking game, 
one of the two players has a winning strategy 


2. Backtracking games in general do not admit finite memory strategies. 
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3. Deciding the winner of a backtracking game even with only two pri- 
orities is hard for NP and co-NP. 


4. Deciding the winner of a backtracking game in general is PSPACE- 
hard. 


However, no upper bound for the complexity of backtracking games is 
known. 


Backtracking games can be used as model checking games for inflationary 
fixed-point logics, e.g. for every MIC-formula y and every transition system 
T one can construct in polynomial time a backtracking game that is won by 
Player 5 if, and only if, J = y. Here, the backtracking distance plays the 
role of the stack being used to determine a stage of the fixed-point induction 
containing the current state of the transition system. The rule that higher 
priorities reset the distance for all lower priorities corresponds to the usual 
idea that regenerating an outer fixed point restarts the induction on the 
inner fixed points. 

Unlike the stair parity games we constructed in Section 4.3, it seems 
unlikely that the winner of backtracking games is definable in MIC, even 
for the very simple fragment of backtracking games that suffice for a game- 
theoretical framework for MIC model checking. The reason is that while 
in a pushdown game, the possible stack contents are represented in the 
game graph explicitly, the backtracking distance is an “external” concept 
and counting the distance must be done in the logic itself. Therefore it 
seems unlikely that MIC suffices for this. In [5], it was shown, however, 
that the winner of a restricted class of backtracking games can be defined 
in inflationary fixed-point logic. 


5 Outlook 


Clearly, MIC and FLC are not the only (modal) fixed-point logics that ex- 
tend the modal p-calculus semantically. Another modal fixed-point logic 
of high expressivity is Higher-Order Fixed-Point Logic (HFL) [20]. It in- 
corporates into £, a simply typed A-calculus. Its ground type is that of a 
predicate and its only type constructor is the function arrow. Syntactically, 
HFL extends L, by function abstraction (AX.y) and application (y 4%). 

Not surprisingly, HFL subsumes FLC. In fact, every (sub-)formula in 
FLC is, semantically, a predicate transformer, i.e. an object of a function 
type. This way, FLC is embedded into a very low level of HFL, namely 
HFL1—the First-Order Fragment of HFL. Here, first order does not refer 
to predicate logic but to the degree of function typing that is allowed in 
subformulas of that logic. HFLO, the fragment of HFL restricted to formu- 
las in which every subformula is a predicate, is exactly £,,—syntactically 
already. 


454 S. Kreutzer, M. Lange 


The type level hierarchy in HFL is strict, and it comes with increas- 
ing model checking complexity: it is k-EXPTIME-complete for level k of 
that hierarchy [3], and this holds already for the data complexity of each 
fragment. Consequently, model checking full HFL is non-elementary. 

HFL, and in particular HFL1, is also interesting as a specification lan- 
guage for non-regular properties. It can, for instance, define assume-guaran- 
tee properties [20]. Furthermore, it can define structural properties that we 
are unable to express in FLC or MIC like that of being bisimilar to a (possi- 
bly infinite) word model. Even though we have not formally defined HFL1, 
we can present the formula for this property because it is very neat, and it 
can be read with a little bit of understanding of functional programming. 


-( ( uX? ==: AAP AB™.(A A B) V (X OA OB) ) (att (b)tt ) 


The superscripts are type annotations. The least fixed-point formula can be 
seen as a recursively defined function that takes two predicates and checks 
whether or not their conjunction holds. If not, it calls itself recursively with 
the two arguments preceeded by ©-operators. Applied to the two initial 
arguments, it checks successively, whether there are two paths of length 
1,2,... ending in an a-, resp. b-transition. 

We have not included a thorough presentation of HFL (or just HFL1) 
here, mainly because there is no interesting known game-theoretic charac- 
terization of its model checking problem. It can be solved by a reduction 
to a reachability game using fixed-point elimination [3], but it is not known 
whether or not there is an extension of parity games to capture this. The ex- 
ample above suggests that stair parity games do not suffice since two stacks 
would be needed to contain the -operators for the two different paths. 

We conclude with a positive remark: while FLC is trivially embeddable 
into HFL1, and MIC and FLC seem incomparable, it is reasonable to ask 
whether HFL1 is a superlogic of both of them. On finite models, MIC 
can indeed be embedded into HFL. This is because the computation of an 
inflationary fixed point can be carried out by a function of first-order type. 
However, since this is modeled iteratively, this translation fails in stages 
beyond w. Hence, it may not work on infinite models. It remains to be seen 
whether MIC can be embedded into HFL over arbitrary models. 
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Abstract 


This paper is a survey on the universal automaton, which is an au- 
tomaton canonically associated with every language. In the last forty 
years, many objects have been defined or studied, that are indeed 
closely related to the universal automaton. 

We first show that every automaton that accepts a given lan- 
guage has a morphic image which is a subautomaton of the universal 
automaton of this language. This property justifies the name “univer- 
sal” that we have coined for this automaton. The universal automaton 
of a regular language is finite and can be effectively computed in the 
syntactic monoid or, more efficiently, from the minimal automaton of 
the language. We describe the construction that leads to tight bounds 
on the size of the universal automaton. Another outcome of the effec- 
tive construction of the universal automaton is the computation of a 
minimal NFA accepting a given language, or approximations of such 
a minimal NFA. From another point of view, the universal automaton 
of a language is based on the factorisations of this language, and is 
thus involved in the problems of factorisations and approximations of 
languages. Last, but not least, we show how the universal automaton 
gives an elegant solution to the star height problem for some classes 
of languages (pure-group or reversible languages). 


With every language is canonically associated an automaton, called the 
universal automaton of the language, which is finite whenever the language 
is regular. It is large, it is complex, it is complicated to compute, but it con- 
tains, hopefully, many interesting informations on the language. In the last 
forty years, it has been described a number of times, more or less explicitly, 


Jörg Flum, Erich Gradel, Thomas Wilke (eds.). Logic and Automata: History and Perspec- 
tives. Texts in Logic and Games 2, Amsterdam University Press 2007, pp. 457—504. 
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more or less approximately, in relation with one or another property of the 
language. This is what we review here systematically. 


1 A brief history of the universal automaton 


The origin of the universal automaton is not completely clear. A well- 
publicized note [1] credits Christian Carrez of what seems to be the first 
definition of the universal automaton in a report that remained unpublished 
[2]. The problem at stake was the computation of the, or of a, NFA with 
minimal number of states that recognizes a given regular language L. And 
Carrez’s report states the existence of an automaton Uz, very much in the 
way we do in Section 2, with the property that it contains a morphic image 
of any automaton which recognizes L, and thus a copy of any minimal NFA 
which recognizes L. 

At about the same time, Kameda and Weiner tackled the same problem 
and, without stating the existence of Ur, described a construction for a NFA 
recognizing L with minimal number of states [14], a construction which 
we recognize now as being similar to the construction of Uz we propose in 
Section 4. 

Soon afterwards, in another context, and with no connexion of any kind 
with the previous problem (cf. Section 6) Conway proposed the definition 
of what can be seen also as an automaton attached to L and which is again 
equal to Uz [5] (cf. Section 3.1). 

Among other work related to Uz, but without reference to the previous 
one, let us quote [6] and [22]. Eventually, we got interested in the universal 
automaton as we discovered it contains other informations on the languages 
that those studied before (see Section 7.1) and we made the connexion 
between the different instances [21, 20]. 


2 Creation of the universal automaton 


No wonder, we first fix some notations. If X is a set, P (X) denote the power 
set of X, i.e. the set of subsets of X. We denote by A* the free monoid 
generated by a set A. Elements of A* are words, the identity of A* is the 
empty word, written 14+. The product in A* is denoted by concatenation 
and is extended by additivity to P (A*): XY = {uv |ue X,v EY}. 

An automaton A is a 5-tuple A = (Q, A, E, I, T}, where Q is a finite set 
of states, A is a finite set of letters, Æ, the set of transitions, is a subset 
of Q x Ax Q, and I (resp. T), the set of initial (resp. terminal) states, is 
a subset of Q. Such an automaton A defines an action! > of A* on Ẹ (Q), 


1 Normally, we would have denoted the action by a simple -; but later, in Section 5, 
we shall need to consider an action on the right and an action on the left, hence a 
lateralized symbol which makes the reading easier. Moreover, when necessary, i.e. 
when several automata are considered at the same time, we shall even specify as a 
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by setting first for all p € Q and all a € A 
poa = {q € Q | (p,a,q) € E}, 
and then by additivity and the definition of an action for all X € $ (Q) 


X>èla =X, Xvda= (J pea, Xpwa=(XpPw)ra. 
pEX 


The behaviour |A| (or the accepted language) of an automaton A = 
(Q, A, E,I,T) is the set of words that label a path from an initial state to 
a terminal state, i.e. 


S 


|A| = {we A |J €I, teT i a t} = {we A* | Ip>wnNT # Ø}. 


A subset of A* is called a language and a language is regular if it is the 
behaviour of some finite automaton. 


Let A = (Q, A, E, I, T) be an automaton over A*. For each state p of A, 
the past of p is the set of labels of computations which go from an initial 
state of A to p, and we write it Past4(p); i.e. 


Pasta(p) = {we A*|iel i <> p} = {we A* | pe I> u}. 


Dually, the future of p is the set of labels of computations that go from p 
to a final state of A and we write it Fut,4(p), i.e.: 


Futa(p) = {w € A* | 3t Ee T p-> t} = {we A*| pp wNT # ø}. 


Likewise, for each pair of states (p,q) of A, the transitional language of 
(p,q) is the set of labels of computations that go from p to q and we write 
it Trans,(p, q), i.e.: 


Transa(p, q) = {w € A* | p -> a} = {we A* | q E€ pow}. 


For each q in Q, we clearly have 


[Pasta (q)] [Fut.a(q)] € |A]. (*) 


Thus, in every automaton, each state induces a set of ‘factorisations’ — 
which is the name we give to equations of the type (x) — of the language it 
recognizes. The starting point of the construction is to prove the converse of 
this observation, namely that we can construct from the set of factorisations 
of a language L of A* an automaton which accepts L. 


subscript the automaton that defines the action in action: p > a. 
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FIGURE 1. Representation of the past and future of q in A 


2.1 Factorisations of a language 

In the rest of this paper, L is a language of A*. We call subfactorisation 
of L a pair (X,Y) of languages of A* such that XY C L and factorisation 
a subfactorisation (X,Y) which is maximal for the inclusion, that is, if X C 
X', Y C Y' and X'Y’ C L then X = X’ and Y = Y’. We write Fr 
for the set of factorisations of L. If (X,Y) is in Fz then X is called a left 
factor and Y a right factor of L. The maximality condition on factorisations 
already implies that the left and right factors are in a 1-1 correspondence. 
The notion of quotient allows to be even more precise. 

The left quotient (resp. the right quotient) of L by a word v is the 
language? v-!L = {w € A* | vw € L} (resp. the language Lv™! = {u € 
A* | uv € Ly). 

If WZ C L then Z is contained in Y = (),,<ww -L and thus Y is 
maximum such that WY C L. From which a series of properties are easily 
derived, that are worth stating for further usage, with, or without, explicit 
reference. 


Proposition 2.1. 
(i) For every (X,Y) in Fz, 


Y=(] zL and X= (f ty, 
xsEX yeY 


(ii) Conversely, any intersection of left quotients is a right factor, and any 


intersection of right quotients is a left factor. 


(iii) If W and Z are such that WZ C L, then there exists (at least) one 
factorisation (X,Y) of L such that W C X and Z CY 


(iv) The property ‘(X,Y) is a factorisation of L’ induces a bijection be- 
tween the left and right factors of L. 


2 Sometimes called residual of L. 
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Corollary 2.2. A language is regular if, and only if, it has a finite number 
of factorisations. 


Remark 2.3. We write Lt for the transpose of L, that is, the set of mir- 
ror image of words in L. If (X,Y) is a factorisation of L, (Yt, X+) is a 
factorisation of L*. By duality, we unterstand the change from L to Lt. 


2.2 Universal automaton of a language 


The definition of factorisations of a language allows in turn to set up the 
definition we are aiming at. 


Definition 2.4. The universal automaton Ur of L is defined as Ur, = 
(FL, A, EY, I”, T*}, where: 


"={(X,Y)e€Fr|la eX}, T* ={(X,Y) € Fr | la- EY}, 
t = {((X,Y),a,(X’,¥’)) € FLX Ax Fr | XaY’ C L}. 
From the maximality of the factorisations follows: 
(X,Y)ce I 4>YCL, (X,Y)ceT* 4> XCL, (1.1) 
((X,Y),a,(X',Y’)) € EY XaC x! aY' CY. (1.2) 


The description of computations in the universal automaton is then a gen- 
eralisation of the above equation. 


Lemma 2.5. For all (X,Y) and (X’, Y’) in Fy and for every w in AF, it 
holds: 


(X,Y) a (X',Y') 4 XwY' CL Xw C Xx’ wY' CY. 
L 
Proof. By induction on |w|. The property holds true for |w| = 1, by defini- 
tion of E* and by (1.2). 
Suppose that a Y) — (X’,Y’); there exists then (X”, Y”) in Fr 


A 


such that (X,Y) -> (X", Y and (X",¥") -= 


Xa C X” and x'w. C X’, hence XawY’ C L. 

Conversely, XawY’ = [Xa] [wY"] C L implies that there exists (X”, Y”) 
in Fz such that Xa C X” and wY’ C Y”, thus Xay” C Land X"wY' CL, 
which, by induction hypothesis, gives (X, Y) — (X',Y’). Q.E.D. 


> (X', Y’). We thus have 


A fundamental property of the universal automaton is given by the fol- 
lowing. 


Proposition 2.6. If (X,Y) is a factorisation of L, it then holds: 


Pasty, ((X,Y)) =X and Futy,((X,Y)) =Y. 
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Proof. The definition of T” itself states that Futu, ((X,Y)) contains 14» if, 
and only if, Y contains 14». Let w be a non empty word in Futu, ((X,Y)), 


that is, (X,Y) ae (X’, Y’) with 14. in Y’. By Lemma 2.5, XwY’ C L; 
L 


as 14» is in Y’, Xw C L and w is in Y by maximality of Y. Therefore 
Futu, ((X,¥)) CY. 

Conversely, if (X,Y) is in Fz, XY = [XY][La«] C L and there exists 
a right factor Y’, containing 14+, such that XYY’ C L. By Lemma 2.5 
again, Y C Futy, ((X,Y)). 


The other equality is obtained by duality. Q.E.D. 


As la«L = Lla» = L, L is both a right and a left factor, to which 
correspond the left factor Xs and the right factor Ye. We call (Xs, L) the 
starting factorisation, and (L, Ye) the ending factorisation.? 


Corollary 2.7. Uz recognises L. 


Proof. For any factorisation (X,Y) in I*, Y C L since 14+ € X. Then 
Uz) = Ucxyyere Futu: (4, Y)) = Ux yyere Y is contained in L. Since 
(Xs, L) € I” then |Uz| = L. Q.E.D. 


The universal automaton is canonically associated with L, like the min- 
imal deterministic automaton or the minimal co-deterministic automaton; 
unlike them, it is not lateralised, that is, not oriented from left to right nor 
from right to left. It is a restatement of Corollary 2.2 that L is regular 
if, and only if, Uz is finite. And the universal automaton Uz: of L* is the 
transpose automaton of Uz. 


Example 2.8. 
(i) Let Lı = A*abA*. The set Fr, = {u,v, w} is easily computed: u = 
(A*, A*abA*), v = (A*aA*, A*bA*) and w = (A*abA*, A*). Figure 2 


shows Uz. 


(ii) Figure 2 also shows the universal automaton of Lə = aA*. This 
example allows us to see that a universal automaton is not necessarily 
trim: a factorisation (Ø, A*) (resp. (A*,@)), if it exists, corresponds 
to a non-accessible (resp. a non-co-accessible) state. 


2.3 Universality of the universal automaton 
We begin with the definition of morphism of automata and some related 
notions that will be central to our purpose. 


3 Conway, who did not define the universal automaton as such, called them initial and 
final factorisation respectively, an option that is not open to us. 
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a a+b 
() a 
ey 
(1+ aA*,aA*) (aA*, A*) 
ee 
a+b 
a+b a+b 
(A*, Ø) 
a+b 


FIGURE 2. The universal automaton of Lı (left) and of Lə (right) 


2.3.1 Morphisms, quotients and minimal automata 
In the sequel, A = (Q, A, E, I, T) and B = (R, A, F, J,U) are two automata 
over A*. 


Definition 2.9. A map ọ from Q into R is a morphism of automata, and 
we write y: A — B if, and only if, 


gpI) CJ, (fT) CU, and y(E) = {(¢(p), a, 9()) | (p,a,9) € E} CF. 


The morphism ¢ is surjective if B = (p(Q), A, p(£), (I), y(T)) (we also 
say that B is a morphic image of A). 


If y: A — B is a morphism, the image of a computation in A is a 
computation in B, with the same label, which directly implies the following. 


Proposition 2.10. Let y be a morphism from A into B. Then, for every 
state p of A, 


Pasta (p) C Pasta(p(p)) ,  Futa(p) C Futs((p)), (1.3) 


and then 
|A| c |B]. (1.4) 


The notion of morphism is not lateralised and if y: A — B is a morphism 
then sois y: At > Bt. If y: A > B is a surjective morphism and if moreover 
|A| = |B], then any two states p and q of A such that y(p) = y(q) are said 
to be mergible (in A). 


Proposition 2.11. The universal automaton Uz has no mergible states. 


Proof. Suppose, by way of contradiction, that y: Ug — C is a surjective 
morphism and that |C| = L. 

If y((X,Y)) = y((X’, Y’)) = s the combination of Proposition 2.6 and 
Proposition 2.10 yields X U X’ C Paste(s) and Y U Y’ C Fute(s) from 
which follows (X U X’)(Y UY’) C Paste(s)Fute(s) C L, impossible by the 
maximality of factorisations. Q.E.D. 
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Definition 2.12. A morphism y: A — B is Out-surjective if 


(i) for every (r,a,s) in F and every p such that (p) = r there exists q 
such that y(q) = s and (p,a,q) in E; 


(ii) for every p in Q, if y(p) is in U then p is in T. 


The notion of Out-surjectivity is lateralised and y: A — B is said to 
be In-surjective if p: At > Bt is Out-surjective. If y: A — B is both 
surjective and Out-surjective (resp. and In-surjective) B — and p — is 
called a quotient (resp. a co-quotient) of A. An easy proof by induction on 
the length of the computations establishes the following. 


Proposition 2.13. If the automaton B is a quotient (resp. a co-quotient) 
of the automaton A then |A| = |B]. 


We thus have three distinct notions of maps for automata: morphism, 
quotient, and co-quotient, that lead to three distinct notions of minimality. 
The minimal quotient of a (non deterministic) automaton A exists and is 
unique, canonically associated with A — not with |A| unless A is determin- 
istic —, defined by a generalisation of the so-called Nerode equivalence, and 
computed, if necessary, by a kind of Moore algorithm. The same is true of 
co-quotient, up to a transposition. The notion of minimality with respect 
to morphism is slightly more tricky and unicity is lost. 


Definition 2.14. Let A be an automaton over A* that accepts a lan- 
guage L. We say that A is m-minimal if the following two properties hold: 


(i) every proper subautomaton of the trim part of A accepts a language 
that is strictly contained in L; 


(ii) every proper morphic image of A accepts a language that contains 
strictly L. 


In other words, an automaton is m-minimal if every state is necessary 
—unless it is a sink or a co-sink— and no two states are mergible. 

We have decided to coin that new term ‘m-minimal’ for there are too 
many ‘minimal’ around. A minimal quotient is not necessarily m-minimal 
and the sentence ‘A minimal quotient is not necessarily minimal’ sounds 
definitively too awkward. Of course, neither a minimal quotient, nor a m- 
minimal automaton have a minimal number of states for accepting the same 
language. Some consistency is given by the following. 


Proposition 2.15. The minimal automaton of a language L (which is the 
minimal quotient of any deterministic automaton that recognises L) is m- 
minimal. 
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Proof. Every state p of the minimal automaton of L is characterised by its 
future which is equal to u~!L, for any u in its past. If p and q are two 
distinct states there is one, say p, whose future contains a word w which is 
not in the future of q. For any v in the past of q, w does not belong to v—!L, 
that is, vw does not belong to L and still would be accepted in any morphic 
image where p and q were merged. Q.E.D. 


2.3.2 Morphisms into the universal automaton 

The following property of the universal automaton is the one that has been 
appealing to most people. We call it ‘universality property’ and the univer- 
sal automaton gets its name from it. 


Theorem 2.16. If A is an automaton that recognises any subset K of L, 
then there exists a morphism from A into Uy. 


This result is established via the definition of a map from A into Uz, 
canonically associated with A, and which is then shown to be a morphism. 


Definition 2.17. Let A = (Q, A, E,I,T) be an automaton that recognises 
a subset K of L. The (left) canonical map p: Q — Fry is defined by y(p) = 
(Xp, Yp) with 


Yp = {v € A* | Pasta(pv C L} = () wt. (1.5) 


u€ Past, (p) 


In other words, ọ is defined by associating with every state p of A the 
factorisation of L with the largest possible right factor that is compatible 
with the past of p in A. 


It follows directly 


Proof of Theorem 2.16. Let pin Q and y(p) = (Xp, Yp). 
) C Yp from which we 


from the definition that Past4(p) C X, and Futa 
deduce that (I) C I” and (T) C Te 

Moreover, (p,a,q) in E implies Past4(p)a C Past4(q) from which one 
deduces Past(p)aY, C Pasta(q)¥, C L hence aY} C Yp and by (1.2), 


y is a morphism, that will be called (left) canonical morphism (from A 
to Uz). Q.E.D. 


If we apply Theorem 2.16 to a m-minimal automaton A accepting L 
we get a morphism from A into Uzr that has to be injective since A is 
m-minimal. We have thus proved (see an example at Figure 3): 


Corollary 2.18. Every m-minimal automaton accepting L is a subautoma- 
ton of UL. 


On the other hand, an automaton A accepting L and that has stricly 
more states than Uz is sent into Uz by a morphism which is necessarily non 
injective. We have thus proved: 
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b a a+b G a+b - 
b b b 
B Botki 


FIGURE 3. Three m-minimal subautomata of Uz, 


Corollary 2.19. The universal automaton Uz is the largest automaton 
recognizing L without merging states. 


Proposition 2.20. The universal automaton Uz is minimal for the univer- 
sality property. 


Proof. Suppose C has the universality property (with respect to L). As Ur 
accepts L, there should be a morphism from uz into C; as Uzr has no merging 
states, this morphism should be injective: C has at least as many states 
as UL. Q.E.D. 


3 Exploration of the universal automaton 


The universal automaton we have just defined may be seen in different 
ways, from different perspective, bringing to light other characteristics and 
properties of this unique and canonical object. We consider here three of 
them. The first one is Conway’s method, that yields the ‘fatest’ version 
of the universal automaton. The second one follows a universal algebra 
track that eventually makes easy and natural a geometric description of 
factorisations that was presented by Courcelle, Niwinski and Podelski ([6]). 
The third one, due to Lombardy [17] produces the most ‘emaciated’ version, 
an automaton where only the minimal information is kept and where an 
interesting and hidden structure is thus discovered, especially in the case of 
pure group languages. 


3.1 The factor matrix 
We keep the previous notation: Ur = (Fr, A, E*,I*,T*) is the universal 
automaton of the language L of A*. Automata are matrices (and vectors); 
this is the way we look at them in this section. As we are interested in 
matrices (and vectors) of dimension Fz, we use throughout the section the 
following notation: if M is a square matrix of dimension Fz and for brevity, 
we write Mx,y instead of M(x,y) x,y) for the entry at row (X,Y) and 
column (X’, Y”), for all (X,Y) and (X’, Y”) in Fy. For a row-vector (resp. 
a column-vector) V we write Vy (resp. Vx) instead of Vix,y). Proposi- 
tion 2.1 (iv) legitimates this shorthand. 

A first example is E” itself, viewed as a matrix with entries in $ (A*) 
(indeed in 5B (A)): 

Eż y, ={aeA|XaY' C L} 
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for all factorisations (X,Y) and (X’, Y’) in Fz. On the other hand, the left 
factors are naturally ordered by inclusion, an order that carries over on Fy: 


(X,Y) < (X,Y) = X CX’ ee Y' CY. 


As any relation on Fz, this order is described by a Boolean matrix C”: 


WX, Y), (XY) EFL Cy =1 X CX’ XY'CL; 
and since C* is the matrix of a reflexive and transitive relation, it holds: 
(C=) = 0%. (1.6) 


The characterisation of E* by Equation (1.2) yields that C% y = 1 implies, 
for all (X”, Y") in F, E% yn G EX yn and Exn y E E% y’, which 
means: 


C!. Bt = E" . C* = E". (1.7) 


Definition 3.1. The factor matrix of a language L is the matrix F* of 
dimension Fz with entries in P (A*) defined by: 


for all factorisations (X,Y) and (X’, Y”) in Fz. Every entry of F* is called 
a factor of L. 


By definition, Fý y, is the maximal Z such that X ZY’ C L. By defini- 
tion’ also, F’N{14~} = C? and F*N{A} = E*. Lemma 2.5 states exactly 
that 


F*qn{At}=(E*)* and thus F* = C* + (E*)t =C"4+(E*)*. 
Classical formulas for the star of a sum, together with (1.6) and (1.7) yields: 
Proposition 3.2. F* = (C* + E*)*. 

From which one deduces: 
Corollary 3.3. F’ = (F*)*. 
A direct consequence of which is: 
W(X, Y), (X', Y"), ( X", Y") E€ Fr FẸ y Fẹ, yn C Fẹ yn. (1.8) 
Conversely, we have: 


4 It should be obvious that F’ N K is the matrix of dimension Fy, obtained by taking 
the intersection of every entry of F? with K. 
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Lemma 3.4. If W,Z C A* and (X,Y), (X', Y’) in Fr are such that WZ C 
F% y, then there exists (X”, Y”) in Fy such that W C FY yn and Z C 


Fý y . 


Proof. If WZ C Fy then XWZY’ C L and there exists a factorisa- 
tion (X”,Y”) that dominates the subfactorisation (XW, ZY’) of L. The 
inclusions XW C X” and ZY’ C Y” yield the conclusion. Q.E.D. 


A matrix, together with initial and final vectors, is an automaton and one 
can see (Fz, A, F",I”,T*) as a generalised automaton where the transitions 
are labelled by the factors of L, instead of by letters. Figure 4 shows the 
factor matrix of the languages Lı and Lə of Example 2.8 in this way. 


(1+ aA*,aA*) 


FIGURE 4. The factor matrix of Lı (left) and of Lə (right) 


The starting and ending factorisations play a special role in the factor 
matrix. Since X,[ = LY. = L, we have X,LY. = L where L is obviously 
maximal: Fý, y, = L. 

For every (X, Y) in Fz, FX, y is maximal in X,FX, yY C L thus in the 
factorisation (F%, y, Y) of Ys = L, hence Fý y = X and dually Fyy, =Y. 


3.2 The syntactic nature of the universal automaton 


All that has been done so far for languages, that is, subsets of a free monoid, 
could have easily been done as well for subsets in any monoid: the freeness 
of the base monoid A* was not involved, at the very most the generators 
of A* were considered but this also could have been bypassed, especially 
with the help of the factor matrix. If M is a monoid and K a subset of M, 
a subfactorisation of K is a pair (X,Y) of subsets of M such that XY C K 
and a factorisation is a subfactorisation (X,Y) that is maximal for the 
inclusion, that is, if X C X’, Y C Y’ and X’Y’ C K then X = X’ and 
Y = Y’. We write Fx for the set of factorisations of K. If (X,Y) is in Fx 
then X is called a left factor and Y a right factor of K. And so on. 

On the other hand, the study of regular languages relies heavily on 
the notion of morphisms (of monoids) and that of syntactic monoid (of a 
language). A language L of A* is said to be recognised by a morphism a, 
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a: A* — N, if a~'(a(L)) = L or, which is the same, if L is a union of 
classes for the map equivalence of a, that is a congruence of A*. The same 
could be said of a subset K, replacing L, of a monoid M, replacing A*. The 
quotient of A* by the coarsest congruence that saturates L is the syntactic 
monoid of L, denoted Synt(L). A language of A*, a subset of a monoid M, 
is said to be recognisable if it is recognised by a morphism into a finite 
monoid, or, which is the same, if its syntactic monoid is finite. 

We like to say that a property is ‘syntactic’ if true for a language L, 
or a subset K, recognised by a surjective morphism a, it is true for a(L) 
or a(K). The factorisations, the universal automaton, are ‘syntactic ob- 
jects’, as shown by the following. 


Proposition 3.5. Let L be a language of A*, recognised by a surjective 
morphism a. 


(i) Any factor of L is recognised by a. 
(ii) If (X, Y) is a factorisation of L, (a(X), a(Y)) is a factorisation of a(L). 


(iii) a establishes a bijection between the factorisations of L and those 
of a(L). 


Proof. Let (X,Y) be a factorisation of L: XY C L. Then a(X)a(Y) C 
a(L) and (a(X),a(Y)) is a subfactorisation of a(L) which we suppose 
dominated by a factorisation (U,V). From a(X) C U and a(Y) C V 
we deduce X C a!(a(X)) C a 1(U) and Y C a“ }(a(Y)) C a l(V) 
and a“ 1(U)a“!(V) C a *(a(L)) = L. Since (X,Y) is a factorisation, 
X =a !(U) and Y =a“ (V). 

This demonstrates at the same time that, (i) X = a7~'(a(X)) and Y = 
a`! (a(Y)), and (ii) a(X) = U and a(Y) = V: (a(X), a(Y)) is a factori- 
sation of a(L). 

For the same reason, a~'(a(F¥ y)) = F y for all factorisations (X,Y) 
and (X’', Y’) of L. l l 

Conversely, let (U, V) be a factorisation of a( L); then (a™t(U), a7! (V)) 
is a subfactorisation of a~!(a(L)) = L which we suppose dominated by 
a factorisation (X,Y). Since (U,V) is a factorisation, neither U C a(X) 
or V C a(Y) may be strict inclusion and (a~'(U),a7'(V)) is a factori- 
sation. Q.E.D. 


Example 3.6. The syntactic monoid of Lı is Mı = {1m,, £, y, t, z} defined 
by the relations cz = x, yy = y, yx = t, and zy = at = ty = z. The 
syntactic morphism a: A* — Mı sends a onto x and b onto y. Then 
a(Lı) = z and the factorisations of z in Mı are ({z}, Mı), (Mı, {z}), 


and ({a,t, z}, {y, t, z}). 
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Let M be any monoid and let Ym: MxM — M be the map defined by 
wu ((u,v)) = w. (This map is not a morphism unless M is commutative.) 
It can be seen as the multiplication table of M: in a matrix T of size MxM, 
each element m appears as the entry (u,v) of T, for all (u,v) in wy, (m). 

A factorisation of a subset K of M appears as a maximal rectangle in 
the subset War (K) and this point of view, possible in the general case, is 
without doubt the simplest when M is finite. 


Example 3.7. The table of the monoid Mı, cleverly laid out (we have 
inverted the order of the elements x and y by row and column) is shown in 
Figure 5. The factorisations of the subset {z} are made clearly visible with 
rectangles. The figure also shows the factor matrix of {z}, under the form 
of an automaton labelled with subsets. 


FIGURE 5. Factorisations and factor matrix of {z} in Mı 


Example 3.8. We consider the (additive) monoid Z/3Z. Figure 6 shows 
the factorisations of the subset {1,2} and its universal automaton. The 
states are labelled by the left factor of the corresponding factorisation, and 
the label of the transitions is always the generator 1. This automaton is 
thus (up the addition of the transitions having the label b) the universal 
automaton of the language L3 = {w € {a,b}* | |wla Æ |wlp mod 3} since 
Synt(L3) = Z/3Z and the image of Ls there is {1,2}. 


FIGURE 6. Factorisations and universal automaton of {1,2} in Z/3Z 
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Proposition 3.5 holds for a recognisable subset K of any monoid M. 
This implies that such a subset is accepted by an automaton with a finite 
number of states, whose transition matrix is the factor matrix F+. To 
make this automaton really finite, the monoid is required to be generated 
by a finite set G, and the transitions of the universal automaton of K are 
then given by F* N G. This automaton accepts K, and more precisely, 
for every element x of K, for every factorisation x = %1...%, of x over 
G, the sequence (21,...,2%n) is the label of (at least) one computation of 
the universal automaton. This is the reason why the universal automaton 
relates to recognisable subsets and not to rational subsets. 

Actually, a subset K of a monoid is rational if and only if there exists 
a finite automaton such that for every element of K, there is at least a 
factorisation of this element that labels a computation, whereas a subset K 
of a finitely generated monoid is recognisable if and only if there exists a 
finite automaton such that for every element of K, every factorisation of 
this element (w.r.t. the generators) is accepted. ° 


3.3 The écorché of the universal automaton 
The order on the factorisations of L considered above (and induced by 
the inclusion order on the left factors) can be used to give a simplified 
description of Uz. Indeed, if (X,Y) om (X’, Y’) then, 
L 
V(X1,¥1) E Fr (X1, Y1) < (X,Y) SA a r; 
L 
V(X2,Ya)€ Fr  (X',Y’) < (Xa, Yo) = (X,Y) -> (X2, Y2). 
L 
Moreover, if (X,Y) is initial, any larger factorisation is initial and, dually, 
if it is final, any smaller factorisation is final. The order on factorisations is 
described by the matrix C” and what we have just observed is a rewording 
of (1.7): C4. E* = E* . C% = E* and of I = C*- I” and T* = T” . O%. 


A solution of XaY’ C L is maximal if 


Xa% CL and XCX, YCH X=X, and Y'=y 


for all factorisations (X1, Y1) and (X2, Y2) in Fz. That is, (X,Y) is as large 
as possible, and (X’, Y’) as small as possible such that (X,Y) Ti (X’, Y’). 


L 


We then define the matrix H” of dimension Fz and with entries in (A) 
by 
aeHyy => XaY' CL is maximal. 


5 By virtue of Kleene Theorem, in the free monoid, recognisable subsets and rational 
subsets are the same: they are regular languages. 
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On the other hand, we note that the starting factorisation (Xs, L) is the 
smallest factorisation that is initial in Uz and, dually, the ending factorisa- 
tion (L, Ye) is the largest factorisation that is final. All these observations 
amount to the following. 


Proposition 3.9. 
(i) H* is the minimal matrix such that E* = C’- H* . O*; 
(ii) I” is the X,th row of C*; 
(iii) T” is the Yeth column of C”. 


Further economy in the description consists in considering the “maxi- 
mal” solutions of XY’ C L that are not in Fr and in defining the Boolean 
matrix D” by: 


Dšy:=1 = (X,Y) emax{(X",¥") € Fp | X CX}. 


That is, DX y» is the matrix of the Hasse diagram of the order on factori- 
sations. 
This definition directly yields 


Proposition 3.10. D* is the minimal matrix such that C* = (D*)*. 


Definition 3.11. We call écorché of Uz the automaton: 
Er = (Fi, A, D* UH", {(Xs, L)}, {(L, Ye)}). 


The automaton Mr is then obtained from Ez by backward and for- 
ward closure of the spontaneous transitions. In the sequel, we rather draw 
écorchés instead of universal automata, because they have less transitions 
and it is often easier to understand the structure of the universal automaton 
on the écorché. 


Example 3.12. The factorisations of Lı = A*abA* are totally ordered 
u = (A*, Lı) 2 v = (A*a A* , A*bA*) > w = (Lı, A*), 
and so are the factorisations of Lz = aA”*: 
(aA*, A*) < (1 + aA*,aA*) < (A*, Ø). 
Figure 7 shows the écorché of the universal automata of these two languages. 


In the case of pure-group languages, that is, languages whose syntac- 
tic monoid is a group, the écorché of the universal automaton has a very 
special form. The states of the strongly connected components are the pair- 
wise uncomparable factorisations. The non spontaneous transitions, that is, 
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a+b 


FIGURE 7. The écorché of Uz, (left) and Uz, (right) 


the transitions described by the matrix H”, are all the transitions in these 
strongly connected components whereas the spontaneous transitions put an 
order on the strongly connected components and the écorché is thus decom- 
posed into levels. Figure 8 shows the écorché of Uz,. A more complicated 
écorché for a pure group language is shown at Figure 15, where the levels 
appear even more clearly. We shall characterise them at Subsection 7.2. 


FIGURE 8. Ecorché of the universal automaton of {1,2} in Z/3Z 


4 Construction of the universal automaton 


The universal automaton has been defined, and then described. From what 
we have already seen, it follows immediately that the universal automaton of 
a regular language is effectively computable. We present now an algorithm 
[18], somehow optimal, which performs the task. From this construction 
of Uz, we then derive an effective description of the (left) canonical morphism 
from any automaton B which accepts L into Uz. An example of a method 
for finding a small NFA accepting a given language is described in the last 
subsection. 


4.1 Computation of the factorisations 


As above, let L be a language of A*. The key for the construction of Uz 
is the computation of the factorisations of L. From Proposition 2.1, every 
right factor of a language is an intersection of left quotients of this lan- 
guage. As the quotients of the languages are the futures of the states of any 
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deterministic automaton A that accepts the language, for every factoriza- 
tion (X;,Y;) of the language L, there exists a subset P of states of A such 
that Y; = (pep Futa(p). But this subset may be not unique. The set of 
subsets P such that the intersection of the futures of states in P is equal to 
Y; is closed under union, thus there exists a unique maximal P; such that 
Y;= Npe p, Futa (p). To get an efficient representation of factorisations, we 
have to compute these maximal subsets corresponding to factorisations. 

Let A = (Q, A, ô, i, T) be a complete accessible deterministic automaton 
that accepts L. Let Q4 be the set of states of Agog, the co-determinisation 
of A; Q4 is a subset of B(Q), ie. an element of P (P (Q)). We denote 
by Z4 the closure under intersection of Q4. Notice that Z4 always contains 
Q itself (as the intersection of an empty set of elements of Q4). 


Theorem 4.1. The mapping Ya from Z4 into Fz defined by: 


pa: La — FL 


P — (X,Y), with Y = () Futa(p) 
pEP 


is a bijection. 


Proof. As every intersection of left quotient is a right factor of the language, 
this mapping is well defined. In order to prove that this is a bijection, we 
prove that 


Fr — P (Q) 
(X,Y) — {p| Y C Futa(p)} 


is a mapping from Fy onto T4. Let (X,Y) be a factorisation and P = {p | 
Y C Futy(p)}. Let Aca = (Qa, A, H, J, t) be the co-determinisation of A 
and let R be the set of states of Agog that contain P. 

By construction of the co-determinisation, for every state s in Agog and 
for every word u in Futy,,,(s), it holds: s = {p | u € Fut4(p)}. Hence R is 
the set of states of Agog whose future has a non empty intersection with Y. 
Moreover, Y = Uer Fut..y(s). Hence, a state p of A belongs to every state 
of R if and only if its future contains Y. Thus, P = ferS ETA. Qe. 


Remark 4.2. This construction can take any deterministic automaton as 
input and gives the same result. Indeed, when a deterministic automaton 
is co-determinised, states that are Nerode-equivalent (i.e. that would be 
merged by a minimisation algorithm) appear exactly in the same states of 
the co-determinisation. They become indissociable and the set Z4 actually 
does not depend on the input, but only on the language L. 
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Remark 4.3. The order on factorisations is realised on Z4 by the inclusion 
order. 


Proposition 4.4. Let A = 


(Q, A, ô be a complete deterministic au- 
tomaton. Let P in Z4 and (X,Y) = 


wa(P). Then 


X = |_J Past.a(p) and P=ipX. 
pEP 


Proof. Let (X,Y) be a factorisation; X = {u | uY C L} = {u | Y C u™tL}. 
For every word u in X, let p = iò u; as A is deterministic, u~“! L = Fut4(p). 
Hence, p is in P; therefore, X C Unep Past4 (p). Conversely, let v be a word 
in the past of some state p in P. It holds vFut4 (p) C L and Y C Futy(p), 
hence v is in X. Q.E.D. 


We have thus characterized the factorisations of the language, that is 
the states of the universal automaton. We can now give a construction for 
the universal automaton. 


Proposition 4.5. Let A = (Q,A,06,i,T) be a complete deterministic au- 
tomaton that accepts L. The automaton (Z4, A, D, J,U) defined by: 


D={(P,a,S)€T4xAxTya|ProacS}, (1.9) 
={PeT,|ieP}, U={PeZy| PCT}, (1.10) 
is isomorphic to the universal automaton of L: Ur = (FL, A, E’,I*,T*). 


Proof. Theorem 4.1 defines a bijection from Z4 onto Fg. We have to check 
that the definitions of D, J and U correspond to E*, I” and T” of Defini- 
tion 2.4. Let (Xp, Yp) and (Xs, Ys) the factorisations corresponding to P 
and S: 
Yp=(]Futa(p), Ys = () Futu(p). 
pEP pes 


We have 


Poacs Ys c () Futa(p) 
pEPra 


<= aYsC{)Futu(p)=Yp = XpaYs CL. 
pEP 


pal) ={(X,Y) € Fr | Y C L} 
={(X,Y) € Fr | la € X}. 
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PAU) = {(X,Y) € Fr | las E Y}. 
Q.E.D. 


Remark 4.6. Once Z4 is computed, the construction of Uzr goes as follow: 
Ty is the set of states; for every P in Z4, if i is in P, make P initial, if P is 
a subset of T, make P final; for every letter a, compute Ppa, and for every 


Rin T4 that contains P > a, add a transition (P, a, R). 


4.2 Computation of the canonical morphism 


If the universal automaton is computed from a complete deterministic ac- 
cessible automaton A, the left canonical morphism from any equivalent 
automaton B into the universal automaton can be computed in polynomial 
time. 

Let P be the accessible part of the product of A by B. Every state of P 
is a pair (p,q) of a state of A and a state of 6. Let R, be the set of states p 
of A such that (p,q) is a state of P. We define an application pg from the 
states of B into Z4: pg(q) is the smallest element of Z4 which contains Ry. 


Proposition 4.7. The morphism from B into Uz induced by yz is the left 
canonical morphism. 


Proof. Let r be a state of B. It holds Ry = ib Pastg(q). Let Y = 


Npe R, Fut A(p). As A is deterministic, the futures of its states are quo- 
tients and thus Y is a right factor. We show that this is the largest right 
factor such that [Pastg(q)] [Y] C L. 


Pastg(q AH Pastp((p, q cU Past.a(p 
peER, pEeR, 


As [Uper, Pastalp)| [N er, Futa(p)] © L, [Pasts(a)] [Y] © L. Let v be a 


word which is not in Y. There exists a state p in Rg such that v is not in 
Futa (p) and there exists a word u in Pastg(q) such that p = iD u. We have 


v g u™!L and w ¢ L. This proves that Y is maximal. 

We show now that Y is the right factor of w,4(ys(q)). As pg(q) is the 
smallest element of Z4 which contains R4, they correspond to the same 
right factor, i.e. Y = Mpepg(a) Futa(p). Q.E.D. 


4.3 Searching for NFA of minimal size 


It is known that the computation of a NFA with minimal size from the mini- 
mal automaton of a language is a PSPACE-complete problem [13]. However, 
the universal automaton is a good framework to explain exact algorithms 
or to describe heuristics that give approximate solutions. 
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First, the universal automaton of a language contains any equivalent 
NFA with minimal size, since the canonical morphism from this NFA into 
the universal automaton is injective. 

Then an exact algorithm would consist in enumerating all subautomata 
of the universal automaton (starting with the smallest) and testing if they 
accept every word of the language. 

This fact is the base of many heuristics. There exist several conditions on 
subautomata of the universal automaton built as in Proposition 4.5. Each 
of these conditions is either necessary or sufficient for the subautomaton 
accepts the language. In [25], Polák has made a comparison between a large 
set of these conditions. They all give tractable algorithms that compute 
NFA accepting the language, hopefully small, but not necessarily of minimal 
size. 

The first authors that give such a condition are Kameda and Weiner 
in [14]. They build a table, whose rows are indexed by the states of the 
minimal automaton and the columns by the states of its co-determinisation, 
and read factorisations in this table. They define a property of cover, that 
guarantees that a set of factorisations corresponds to an automaton (actu- 
ally a subautomaton of the universal automaton, even if they do not define 
it), that accepts the language. 

Along the same line of work, Matz and Potthoff [22] have defined another 
automaton, which they call fundamental automaton and which contains, 
strictly in some cases, the universal automaton. They then give a condition 
that guarantees that a subautomaton of the fundamental automaton accepts 
the language. We present here a condition that is inspired by this one and 
which is an example of a heuristic that search for small NFA. 


Proposition 4.8. Let A = (Q,A,06,i,T) be a deterministic complete au- 
tomaton and let Uz, be the universal automaton built from A. Let R be a 
subset of Z4 such that: 


(i) UperpcrP =T; 
(ii) for every P in R, for every letter a, for every q in Q such that qra = p, 
there exists S in R, such that q is in S and S>a C P. 


Then the subautomaton of Uz with set of states R accepts the language. 


Proof. Let u be a word of L. Let po = i, p1,..., pk the states of the compu- 
tation in A labeled by u. The state px is final, hence there exists Py final 
in R that contains pọ. If there exists P; that contains p;, as pj = pi—1 P Ui, 
there exists P;_; in R that contains p;_; such that there is a transition from 
P;—ı to P; labeled by a. Hence, by induction, the word u is accepted by the 
subautomaton. Q.E.D. 
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5 Size of the universal automaton 


It follows from the construction of the universal automaton that Uzr has at 
most 2” states if the size of the minimal deterministic automaton is n. The 
computation for the language {w | |w| 40 mod n} shows that this bound 
is tight (cf. Section 7.2 below and also [9]). 

As the determinisation of a non deterministic n-state automaton may 
give at most a 2”-state automaton, we immediately get a 2?” upper bound 
for the size of the universal automaton with respect to the minimal non 
deterministic automaton that accepts the language. 

This bound is not tight, for the worst cases in determinisation and in 
the construction of the universal automaton cannot occur in a row. We give 
here the proof that the tight bound is given by the Dedekind numbers and 
also that, in the case of a unary alphabet, the conjunction of worst cases 
may occur, but the determinisation does not yield a 2” blow-up then. 


5.1 Bounds for the universal automaton 


The nth Dedekind number D(n) is defined as the number of monotonous 
Boolean functions with n variables. Since such a function is characterised by 
a Boolean expression in disjunctive normal form whose clauses are pairwise 
uncomparable, it is also the number of antichains of $ ([1; n]) (ordered by 
inclusion). 


Theorem 5.1 (Lombardy, [19]). Let A be an NFA with n states that 
accepts a language L. Then: 


(i) Uz has at most D(n) states; 
(ii) the trim part of Uz has at most D(n) — 2 states. 


For every integer n, there exist automata with n states for which these 
bounds are reached. 


Remark 5.2. There is no closed form expression for D(n), and its exact 
value is only known for n smaller than 9 (cf. [28]). However, Korshunov [16] 
has given an approximate expression of D(n). For instance, if n is even, 


D(n) ~ 272) exp ( Fa o (2-7/2 4 n275 — ont) 


Figure 9 gives a visual comparison between D(n) and the double exponential 
function n ++ 2?". 


Definition 5.3. Let O be an ordered set. An upset V of O is an upperly 
closed subset of O: 


Yre V Wye O recy ye YD. (1.11) 
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FIGURE 9. The graph of 1082 P(n) 


Notice that an upset may be empty and may also be equal to O itself. If 
Q is a set, P(Q) or every subset of $ (Q) is naturally ordered by inclusion. 
Upsets of $ (Q) are naturally in bijection with antichains by taking their 
minimal elements. 

We now use the construction given in the previous section. As we start 
with a non deterministic automaton, we first determinize it to obtain an 
automaton D that is used to build the universal automaton. 


Proposition 5.4. Let A = (Q, A, E,I,T} be a non deterministic automa- 
ton. Let D = (R,A,F,{I},U) be the determinisation of A and C = 
(S, A,G,K,{U}) the co-determinisation of D. Every element of S is an 
upset of R. 


Proof. Let X and Y be two states of D such that X C Y. It holds 
Futp(X) = Upex Futa (p) C Upey Futa(p) = Futp(Y). Let P be a state of 
C which contains X. For every v in Fute (P), P = v 4 U. As X isin P, vis 


in Futp(X), thus in Futp(Y). Hence, Y is in P. Q.E.D. 


Proposition 5.5. Let A = (Q, A, E,I,T} be a non deterministic automa- 
ton that recognizes a language L. The universal automaton of L has at 
most D(card(Q)) states, where D(n) it the nth Dedekind number. 


Proof. Let n = card(Q) and let D be the determinisation of A. As the 
intersection of two upsets is an upset, the elements of Zp are upsets of 
$B (Q), and D(n) is equal to the number of upsets of P (Q). Q.E.D. 


Proposition 5.6. Let A = (Q,A,E,I,T) be an NFA that recognizes a 
language L. The number of states of the trim universal automaton of L is 
bounded by D(card(Q)) — 2. 
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Proof. Actually, if a state corresponds to the empty upset, it has an empty 
past and it is therefore not accessible. Likewise, if a state corresponds to 
the upset {@}, it has an empty future and it is therefore not co-accessible. 

Q.E.D. 


The first part of Theorem 5.1 is thus established. 


DDL 
a 


FIGURE 10. The construction of the universal automaton from Za 


Example 5.7. We give here an example for the construction of the uni- 
versal automaton. Let Zz be the automaton of Figure 10(a). Let Dz be the 
determinized automaton of Z2, drawn on Figure 10(b). Each of its states 
is a subset of the set of states of Zə. We denote this set by a word whose 
letters are the elements of the state: the word 01 stands for the set {0,1}. 
The states of the universal automaton (Figure 10(c)) are upsets of the power 
set of states of Z2. We denote an upset by the setr of its minimal elements. 
For instance 0,1 means {{1}, {2}, {0,1}}. Notice that Ø is the empty upset, 
whereas {@} is the upset with @ as minimal element, i.e. the power set 
itself. The non accessible part of the universal automaton is drawn in gray. 
The automaton Z is an example of the worst case in the construction of 
the universal automaton. Indeed, D(2) = 6. 

Likewise, D(3) = 20 and we give a three-state automaton which rec- 
ognizes a language whose universal automaton has twenty states: the au- 
tomaton Z3 shown on Figure 11(a). As the number of transitions of the 
universal automaton is to high to allow to draw them all, the more compact 
representation given by the écorché is drawn on Figure 11(c). 
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FIGURE 11. The construction of the universal automaton from Z3 


In the following section, we generalise this example to show that, for 
every n, there exists a n-state NFA that accepts a language whose universal 
automaton has D(n) states. 

5.2 Reaching the bounds of the universal automata 

As announced, we introduce first a notation for the dual action induced by 
an automaton. 

Definition 5.8. Let A = (Q,A,E,I,T) be an automaton. The set of 
predecessors of a state p of A by a letter a is adp= {qE Q| (¢,4,p) € E}, 
denoted a < p if there is no ambiguity. This defines a left action of A* 


on P(Q): for every letter a, every word w, and every subset X of Q, we 
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have: 


< X = * — = y 
ad U «gp, 14 qx X, aw 4 X a4 (w4 X) 
pEX 
Obviously, q is in p> w if and only if p is in w p q. In the sequel, for every 
positive integer n, Zn = (Q, A, E, I, T} is the automaton defined by: 


Q = Z/nZ; A ={a,b}; T=T=Q; 


E = {(p,a,p+ 1) | p EQ} U {(p,b, p) | p € QN {0}. (1.12) 


In the sequel, if X is a subset of Q, i.e. a subset of Z/nZ, for every 
integer k, we denote X + k = {x +k |x eX}. 


Lemma 5.9. Let n be a positive integer. The determinisation of Z,, is 


Dn = ($ (Q) ,A,F, {Q}, B(Q)\{S}), with: 
F = {(X,a,X +1),(X,b, X\{0}) | X CQ}. (1.13) 


Proof. As every state of A is initial, the initial state of D is Q. As every 
state of A is terminal, every state of D different from Ø is terminal. 


If X is a subset of Q, Xp a=UsexPoa=Unyexptl=X +1; likewise, 
X > b = Upe x,pz0 P = X\{0}. This gives the set of transitions F of D. 


We show that every element of P(Q) is an accessible state by induction 
on the number of elements. The set Q itself is the initial state of D. Let 
assume that X is an accessible state. Let x be an element of X, we show 
that X\ {a} is accessible. Actually, X > a"~*ba® = (X — x) > ba” = ((X — 


x)\{0}) >a” = ((X — x)\{0}) +£ = X\ {x}. Therefore, every element of 
$ (Q) is accessible. Q.E.D. 


For every subset X of Q, we denote X = {Y | Y C X}, and (X)*° = 
P (Q)\.X; we can notice that (X)° is an upset of $ (Q). 


Lemma 5.10. Let n be a positive integer. The co-determinisation of Dp 
is Cn = (S, A, G, K, V}, with: 
S={(D | XE;  K=5~x{ø]; V={89 
G = {(X)° ,a, (X)° | (X,a, Y) € F}U{(X U 10}) b, (X° | X € Q}. 
(1.14) 


Cc 


Proof. As any state X of D, different from Ø is final, the state t = (Ø) 
is the final state of Da. First, we show by induction on the word w that 
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any state P = w <t is in S. This is obviously true if w is the empty word: 


P =t. If P=(X)° is in S, so its predecessors are: 


og(Xy={ag¥ IYE X}={Y |Y Zag xX} = (agx) (1.15) 


=(X-1); 


ba (X) ={b4Y |Y Z X} 
AY |Y Z X,0gY}U{YU {0} |Y Z X,0g Y} 
-{Y |Y Z XU{0}, 0g Y}U{Y'|Y' g Xu{o} 0e Y} | 
={Y |Y g Xu {0} = (xX u{0}) . 
We show that every element P = (X)° of S is co-accessible from t.If X = Ø, 
then P =t. If P = (X)° is co-accessible, for any x in Q, P’ = (x U {z}) 


is co-accessible too: 


1.16) 


di tbar aP = a"“*ba(X = 2)° =a"*4 ((xX=2)u o) =(xu t) 


(1.17) 
Therefore the set of states of Cn is exactly S. Q.E.D. 


Lemma 5.11. Let Q be a finite set. The intersection closure of {(X)° | 
X € P(Q)} is exactly the set of upsets of P (Q). 


Proof. Let U be an upset of P(Q). For every Y in U, for every X not in 
U, Y Z X. Hence, Y is in (X)° and U is a subset of (X)°. Thus, as X is 
not in (X)°, it comes U = N ygu (X). Q.E.D. 


With this last lemma, the proof of Theorem 5.1 is now complete. 

In the case of a one-letter alphabet, the determinisation algorithm is 
known not to be exponential. Indeed, if A is a one-letter NFA with n 
states, the determinisation of A (and the minimal automaton of the accepted 
language) has at most G(n) states (cf. [3]), where G(n) is the Landau 
function of n, that is, the maximal least common multiple of a set of integers 
with sum equal to n. We show that in this case, the obvious upper bound 
2¢() for the size of the universal automaton is tight. 


Proposition 5.12. For every integer n, there exist automata with n states 
over a one-letter alphabet such that, if L is the accepted language: 


(i) Uz has 26 states; 


(ii) the trim part of Uz has 2° — 2 states. 
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Proof. There exist an integer r and r numbers k1, .., ky such that kj +..+kr = 
n and Icm(k1, k2,..., kr) = G(n). Let Q be the disjoint union of all the 
(Qi = Z/k;Z) for i in [1;r] and let Yn = (Q, {a}, E, I, T} be the automaton 
defined by: 


F={0EQ: |¢€[lir]}, T=Q\1, E={(p,a,p+1) | 3i,p € Qi}. 


The determinisation of Y, is the automaton D, = (R, {a}, F,J,U), with 
R=Z/G(n)Z, J = {0}, U = Rx J and F = {(p,a,p +1) | pe R}. 

The states of the co-determinisation of D, are all the subset of R with 
card(R)—1 elements. The intersection closure of this set of states is equal to 
$ (R). Hence, the universal automaton of the language recognized by Y,, has 
2¢() states and the trim universal automaton has 2¢(") — 2 states. Q.E.D. 


à Š 
a 


FIGURE 12. The automaton J, and its universal automaton 


Remark 5.13. Starting from a one-letter DFA with n states (n > 1), it is 
not possible to obtain a trim universal automaton with 2” — 1 states. The 
state corresponding to the empty set in the construction of Theorem 4.1 
cannot be accessible. If the full set corresponds to a co-accessible state, 
it means that every state of the DFA is final, thus every word is accepted 
and the universal automaton has one state, or, if the DFA is not complete, 
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the language is a finite prefix language and the universal automaton has n 
states. Therefore, the trim universal automaton has at most 2” — 2 states. 


Example 5.14. Let V, be the automaton of Figure 12 a). It is equal to 
D, (actually, G(4) = 4). The universal automaton, drawn on Figure 12 b), 
has 24 = 16 states, including a non accessible state and a non co-accessible 
state. 


6 Equations in the universal automaton 


John H. Conway who gave, in his own language and terminology [5], an- 
other definition of the universal automaton, was not at all interested in the 
computation of small NFA’s for a regular language. He used the factor 
matrix of a language to solve two dual classes of problems. First, in the 
approximation problem, are given on one hand a language L in A* and on 
the other hand a family K = {ky,..., Kn}, all in A*. The latter determines 
a substitution o from X* into A*, with X = {2,...,¢@n} and o(a;) = Kj. 
The construction of the universal automaton of L allows us to show that 
the set W of words w in X* such that o(w) is contained in L is regular 
when L is regular (and without any hypohesis on the K;’s). 

The dual problem is the one of (in)equations. The regular languages L 
in A* and K in X* being given, the universal automaton of L allows the 
effective computation of all maximal n-tuples of languages {H1,..., Hn} 
such that ø(K) is contained in L. 


6.1 The approximation problem 


The construction of the automaton Uz can be seen as a special case of an 
approximation problem: the reasoning that proves that Uz accepts L can 
be generalised to other families of subsets than the generating set of A*, 
with remarkable results. 

Let L be a language of A* and K = {kj,..., Kn} a family of n languages 
of A*. We set X = {x£1, £2,..., £n} an n-letter alphabet and o: B* — A* 
the substitution defined by 


Vi € [13 n] o(a;) = Kj. 


The sole consideration of the syntactic morphism allows us to show that the 
language W over B*, 


W ={fe B*lo(f) CL}, 


is recognisable if L is recognisable and without any assumption on the K;,’s 
— a corollary of a result in [26], see [27]. But here we prove the result and 
give it a more precise interpretation using the universal automaton. 
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To simplify the statements, with K; and hence o being fixed, we write 
č for the map from $8 (A*) to P (B*) defined by 


VLEB(A*Y)  &(L) ={f € BY | o( f) CL}, (1.18) 


that is, (L) is equal to the language W defined above. The map ð acts 
as the inverse of the substitution o but retains only those words whose 
image under ø is contained in L. In other words, o(G(L)) is the best possi- 
ble approximation (by default) to L as a sum of products of languages K; 
and o(L) describes how this approximation is constructed. 

Let L be a language of A*, Uz its universal automaton and F% its factor 
matrix. We write SF for the automaton over X* obtained from Uz by 
replacing each label EX y, by the set of letters in X whose image under ø 
is contained in Fẹ y~: 


V(X, Y), (X Y) € Fr (X,Y) — = — (X',Y') = o(x) C F% y». 


Theorem 6.1 (Conway [5]). o(L) = |S I. 


Proof. The proof goes by induction on the length of f and amounts to 
establish that, for all E Y), (X',Y') in Fz, and all f in B*, it holds: 


XYD XY) = olf) E Pky 


For |f| = 1, this is exactly the definition of SF. 


Suppose then that we have (X,Y) 2, (X’, Y’); then there exists 
S 


L 
(X”, Y”) in Fr such that (X, Y) > (X”, Y”) and (X”, Y”) = Coy"): 
Ss 


L 


We thus have a(x) C Fý yn by ae of SẸ and o(f) C Fx y by 
induction hypothesis. Then, by Equation (1.8), 


o(xf) G Fý yu F% y» G Fš yr. 


Conversely, suppose that o(af) = o(x)o(f) C Fy.. By Lemma 3.4, 
there exists (X”, Y”) in Fr such that o(x) C FX y~ and o(f) C Fn yr. 
This, in ore by definition of Sf and by induction hypothesis, implies 
(X,Y) —— (Xx, Y’). Q.E.D. 

Sk 

As announced, a mere consequence of Theorem 6.1 is that if L is regular, 
Uz has a finite number of states and (L) is regular. The definition of S¥ is 
itself a procedure for computing the ‘best approximation’ to L, on condition 
that we know how to compute effectively the factors of L and the inclusion 
of K; in these factors. These conditions are fulfilled in particular when 
considering the rational sets of a free monoid. We then deduce: 
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Corollary 6.2. Given a regular language L and a finite family K of regular 
languages over A*, we can decide whether L belongs to RatK, the rational 
closure of K. 


Proof. We compute the best approximation to L by the n languages of the 
family K and then decide whether this approximation is equal to L. Q.E.D. 


The elegance of this proof, and the efficiency of the computations it 
entails is to be compared with those of the proofs given subsequently for 
the same result (e.g. [10]). 


6.2 Solutions of pure language equations 


The problem of approximation is susceptible to a ‘dual’ approach. The 
(recognisable) subset L of A* having been fixed, instead of choosing the 
subsets K;, that is the substitution o: B* — A*, and trying to compute the 
language o(L) over B*, we can choose a language W (not even necessarily 
regular) over a free monoid B* and seek a substitution o: B* — A* such 
that o(W) C L, which will be called a sub-solution of the problem (L, W). 
The sub-solutions are naturally (and partially) ordered by inclusion of the 
images of the letters of B, and the interesting sub-solutions are the maximal 
ones. 


Theorem 6.3 (Conway, [5]). Let L be a subset of A*, W a language of B* 
and o: B* — A* a maximal sub-solution of the problem (L, W). Then for 
each z in B, o(2) is an intersection of factors of L. 


Proof. Let f = £1£2...£n be a word of W. If ø is a solution of (L,W), 
a(x1)o(a2)...0(an) C L. By Lemma 3.4, and an induction argument, there 
exist (Xo, Yo), (X1, Yi),---,;(Xn, Yn) in Fr such that 


a(x) C FY. sy; 


for each i in [1; n]. As these inclusions are verified for each f in W, each o(2;) 
is contained in an intersection of factors and such an intersection is a max- 
imal component in a sub-solution of the problem. Q.E.D. 


Corollary 6.4 (Conway, [5]). If L is regular, then the maximal sub-solu- 
tions of the problem (L, W) are k-tuples (k = Card(B)) of regular subsets 
of A*. Ifin addition W is regular, we can effectively compute all the maximal 
sub-solutions of the problem (L, W). 


Proof. If L is regular, there is only a finite number of factors that are all 
regular and their intersections are finite in number and regular. There is 
only a finite number of k-tuples of intersections among which all the maximal 


6 This is not the left-right duality of automata, but rather a vector—linear form duality. 
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sub-solutions are found. If W is regular we can effectively find all the k- 
tuples which are sub-solutions and keep only the maximal ones. Q.E.D. 


Example 6.5. A regular language L of A* being chosen, let us find all the 
subsets U such that U? C L and U is maximal for this property (i.e. find 
the maximal sub-solutions of the problem (L,x7)). If U? C L, (U,U) isa 
subfactorisation of L, it is dominated by (at least) one factorisation (X,Y), 
and U C XAY. The maximal sub-solutions are thus among the X AY 
when (X,Y) varies over Fr. 


7 Stars in the universal automaton 


Last but not least, the universal automaton contains informations on the 
star height of the language if it is a regular one, may be not always but 
certainly for some subfamilies of regular languages — and this was what 
motivated first the interest of the authors in this construction. 

The computation of the star height problem is a hard question that 
was stated by Eggan [8] in 1963. It was positively solved in 1988 by 
Hashiguchi [11] and Kirsten gave more recently a particulary elegant proof 
for its decidability [15]. The results we present here do not give the solution 
of the star height problem for any regular language, but in the cases where 
they can be applied, they give more precise informations on the form of the 
result than the other works. 


7.1 Star height and loop complexity 


The star height of a regular expression E, denoted by h(E), is defined recur- 
sively by: 


ifE=0,E=lorE=a€éA, h(E) =0, 
if E = E’ +E” or E=E’-E”, h(E) = max(h(E’), h(E”) , 
if E =F", h(E) = 1 +h(F) . 


Example 7.1. The expressions (a + 1)(a? +b)*a +1 and (b*a + 1)(ab*a)* 
have star height 1 and 2 respectively. As they both denote the same lan- 
guage accepted by the automaton Ag shown at Figure 13, two equivalent 
expressions may have different star heights. 


Definition 7.2. The star height of a regular language L of A*, which we 
note as h(L), is the minimum of the star height of the expressions that 
denote the language L: 


h(L) = min{h(E) | E € RatEA* |E] = L}. 
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ae 


a 


FIGURE 13. The automaton As 


The star height induces a hierarchy on regular languages. We shall give 
examples for the fact (see Corollary 7.12): 


Fact 7.3. There exist regular languages of arbitrary large star height. 


The star height of an expression reflects also a structural property of 
an automaton which corresponds to that expression (more precisely, of the 
underlying graph of an automaton). In order to state it, we first define 
the notion of a ball of a graph: a ball in a graph is a strongly connected 
component that contains at least one arc. 


Definition 7.4. The loop complexity’ of a graph G is the integer Ic(G) 
recursively defined by: 


Ic(G) =0 if G contains no ball (in particular, if G is empty); 
Ic(G) = max{lc(P) | P ball of G} if G is not a ball itself; 
Ic(G) = 1+ min{Ic(G\ {s}) | s vertex of G} if G is a ball. 


As Eggan showed, star height and loop complexity are the two faces of 
the same notion: 


Theorem 7.5 (Eggan [8]). The star height of a language L is equal to the 
minimal loop complexity of an automaton that accepts L. 


More precisely, from every automaton with loop complexity n, an ex- 
pression with star height n can be computed, and vice-versa. Theorem 7.5 
allows to deal with automata instead of expressions, and to look for au- 
tomata of minimal loop complexity instead of expressions of minimal star 
height. A reason why star height, or loop complexity is not an easy param- 
eter to compute is given by the following fact, for which we give an example 
below (see Example 7.13). 


Fact 7.6. The minimal automaton is not always of minimal loop complexity 
(for the language it recognises). 


T Eggan [8] as well as Cohen [4] and Hashiguchi [12] call it ‘cycle rank’, Biichi calls 
it ‘feedback complexity’. McNaughton [23] calls loop complexity of a language the 
minimum cycle rank of an automaton that accepts the language. We have taken this 
terminology and made it parallel to star height, for ‘rank’ is a word of already many 
different meanings. 
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The following structural result gives a criterium to bound the loop com- 
plexity of an automaton. 


Definition 7.7. Let A and B be two automata and let y be a surjective 
morphism from A onto B. The morphism y is conformal if every path in B 
is the image of a path in A. 


Theorem 7.8 (McNaughton, [23]). If y: B — A is a conformal morphism, 
the loop complexity of B is larger than or equal to that of A: that is, 
Ic(B) > Ic(A). 


We first show a lemma: 


Lemma 7.9. Let y: B — A be a conformal morphism. For every ball P 
in A, there exists a ball Q in B such that the restriction of y to Q is a 
conformal morphism from Q to P. 


Proof. This lemma (like the theorem) is in fact a proposition about graphs, 
but we shall use automata-theoretic notions to simplify the proof. We as- 
sume, possibly by changing them all, that each transition of A bears a 
distinct label, and that each state of A is both initial and final; this may 
change the language accepted by A but has no effect on its loop complexity. 
The words of the language recognised by A (resp. by a subautomaton P 
of A) describe paths in the graph A (resp. in the sub-graph P). The tran- 
sitions of B are labeled in such a way that y is an automata morphism and 
each state of 6 is both initial and final. 

Let P be a ball in A and R = Py!. Set n = ||RI| and m = ||P|| to be 
the number of states of R and P respectively and consider a circuit (hence 
a word) w which visits all the paths in P of length less than 2”*™. The 
circuit w” is a path in P which can be lifted to a path in R (since ọ is 
conformal). By the proof of the block star lemma, a factor w% is the label 
of a circuit in R; let Q be the ball in R, and hence in B, that contains this 
circuit. By construction, Q recognises all words of length less than 2”+™ 
of the language recognised by P, hence Q is equivalent to P, hence all the 
paths in P become paths in Q: thus, y is conformal from Q to P. Q.E.D. 


Proof of Theorem 7.8. Suppose that the property is false, and proceed by 
reductio ad absurdum. Among the automata which are sent by a conformal 
morphism to an automaton of strictly greater complexity, let B be an au- 
tomaton of minimal loop complexity d, and let A, of complexity c, be the 
image of B under a conformal morphism: thus, c > d. 

If d = 0, the length of the paths in B is bounded and it is impossible 
for y to be conformal, hence d > 0. 

By definition, there is a ball P in A of complexity c and, by Lemma 7.9, 
a ball Q in B whose image under ¢ is P. This ball is of complexity at most d 
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but also, by the minimality of d, at least d. There exists a state q in Q such 
that 
Ic(O\ {q}) =d-1. (1.19) 


Let p = qy, P! = P{p} and O’ = Of{pp™'}; we have Ic(Q’) < Ie(Q{q}) = 
d-— 1 and lo") > c-1>d-1. 

Every path in P’ is a path in P which does not visit p, hence the image 
of a path in Q which does not go through any of the vertices of pp~+; that 
is, the image of a path in Q’: thus, y is a conformal morphism from Q’ 
to P’, which contradicts the assumed minimality of d. Q.E.D. 


7.2 Star height of group languages 

The star height of a group language can be computed within the universal 
automaton. The simplest instance of this fact is the following statement 
which provides a new, easier, and clearer presentation of McNaughton’s 
proof of computability of the star height of pure group languages. 


Theorem 7.10 (Lombardy-Sakarovitch, [21]). The universal automaton 
of a regular group language L contains a subautomaton of minimal loop 
complexity that recognises L. 


Since the universal automaton of a regular language is finite, we can 
enumerate its subautomata, keeping those that recognise the language, and 
from among them find those of minimal loop complexity. We therefore have: 


Corollary 7.11 (McNaughton, [23]). The star height of a regular group 
language is computable. 


Furthermore, the same theorem allows us to establish directly, a result 
whose original proof relied on a highly subtle combinatorial method. Let Wg 
be the language defined by: 


W; = {w E {a, b}* | |wla = |wly mod 29}. 
Corollary 7.12 (Dejean-Schiitzenberger, [7]). Ic(W,) = q. 


In this case indeed the universal automaton is isomorphic to the minimal 
automaton, which has thus the minimal loop complexity (see below). 


Example 7.13. Let Hz and H3 be the languages over A* = {a, b}* consist- 
ing of words whose number of a’s is congruent to the number of b’s plus 1 
modulo 2 and 3 respectively and He their union: 


H= {f | |fla—|fle=1 mod 2}, Hs={f||fla—|fls=1 mod 3} 
and He = {f | |fla —|fle = 1,3,4 or 5 mod 6}. 
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FIGURE 14. An automaton of minimal loop complexity (left) which is not 
the minimal automaton (right) for He 


The minimal automaton of Hg is the ‘double ring’ of length 6 whose loop 
complexity is 3. The minimal automata of Hz and H3 have complexity 1 
and 2, hence the star height of Hg is at most 2 (cf. Figure 14). 

Figure 15 shows the écorché of the universal automaton of Hg. We see, 
all the better for its grey background, a subautomaton of this universal 
automaton which recognises Hg, with a minimal complexity. This subau- 
tomaton is equal to the union of the minimal automata of Hə and H3 seen 
above, and this is not a coincidence. 


Let B be an automaton of minimal loop complexity which recognises L 
and y: B — Uz a morphism from B to the universal automaton of L. If y is 
a conformal morphism from B to its image y(B) in Uz, this subautomaton 
of Uz is of lesser or equal complexity to that of B by Theorem 7.8 and 
the property is proved. However, in the general case y is not conformal. 
The proof comes down to showing that nonetheless y is conformal on some 
subautomata of B (on some balls) which are crucial for the complexity. We 
start by proving some properties of the structure of the universal automaton 
of a group language. 


7.2.1 The universal automaton of a group language 

In what follows, L C A* is a group language, a: A* — G is the syntactic 
morphism, P = a(L) and Az = (G,A, ô, la, P} is a complete accessible 
deterministic automaton that recognises L. For w in A* and g in G we 
therefore write g> w for ga(w), multiplication in G. 


As we have seen (Subsection 3.2), the universal automaton Uz of L, is 
obtained by considering the factorisations (X,Y) of P in G and that if 


(X1, Y1) > (X2, Y2) 
UL 


is a transition of Uz, then X1(aa)Y2 C P and hence 


XıbaC Xə and a(a)!¥2 C Y). 
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Sava l o X 


FIGURE 15. The écorché of the universal automaton of He (without the sink 
and co-sink states). The bold arrows represent a double transition, one labeled a 
in the direction of the arrow and one labeled b in the opposite direction; the dotted 
arrows represent the spontaneous transitions. 


Lemma 7.14. The balls of Ur are deterministic and complete. 


Proof. Let (X1, Yı) and (X2, Y2) be two states of Uz belonging to the same 
ball. There exists u and v in A* such that X;pu C Xə and Xopu C X4. As G 


is a group, the action of every element is injective and || X4 || < ||X|| < ||X1|| 
hence ||.Xj|| = || X2|| and Xı > u = X2. That is, Xə is uniquely determined 
by Xı and u: the ball is deterministic. 

Furthermore, if (X,Y) is a factorisation of P, then (X (ua), (ua) -1Y ) 
is also a factorisation of P, for all u in A*, and there exists a transition 
labeled u from the first to the second. For all u, there exists v such that 
(uv)a = 1g, and hence a transition labeled v from (X(ua),(ua)~tY) to 
(X,Y). Thus, (X(ua),(ua)~'Y) belongs to the same ball as (X,Y) and 
the ball is complete. Q.E.D. 


A direct consequence of Lemma 7.14 is the following. 


Corollary 7.15. Let L be a group language whose image in its syntactic 
monoid is reduced to one element. Then Uz is isomorphic with the minimal 
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automaton of L whose loop complexity is thus minimal. 


7.2.2 Proof of Theorem 7.10 


Lemma 7.16. For every integer k, there exists a word wp in A* whose 
image in G is lg and such that every computation of length k of every 
ball C in Uz is contained in every computation of C labeled wx. 


Proof. Every word whose image in G is 1g labels a circuit in every ball 
of Uz and for every source vertex. For each ball, and each vertex of this 
ball, we construct a circuit which visits every computation of length k of 
this ball. The product of the labels of all these circuits is a word wz that 
answers the question. Q.E.D. 


We now turn to the proof of the theorem itself. 


Proof of Theorem 7.10. The automaton B, an automaton of minimal loop 
complexity which recognises L, has n states. Let g be in P, a final state 
of Az, and ug be a word in A* that is sent to g by a. For every integer k, the 
word (wx)”u, is in L and is hence accepted by B. The Block Star Lemma, 
applied to the factors wz, ensures that there exists a state pz of B such that 
there exists a circuit with source pp labeled by a certain power (wl). Let Dy 
be the ball in B which contains pg, and hence this circuit. We thus obtain 
an infinite sequence of balls Dk in which at least one ball D in B appears 
infinitely often. 

Let C be the ball in Uz which contains the image of D under the mor- 
phism y: B — Uy. For every path c in C, there exists a k greater than 
the length of c, an integer l and a state p of D such that there exists a 
loop in D with source p labeled (wy)!. This same word (wp)! labels a loop 
in C which contains all the computations of length less than or equal to k; 
it thus contains c in particular. That is, c is the image of a computation 
of D, hence on one hand, C is the image of D under vy and on the other, the 
restriction of y to D is conformal. By Theorem 7.8, Ic(D) > Ic(C). 

Let (X,Y) be the factorisation, which is the image of p under ọ (the 
state p that was defined just above). Since (wz)! is in Pastg(p), 1g is 
in Pasty, ((X,Y)) and hence lg is in X; that is, (X,Y) is an initial state 
of Up. Likewise, (wx)! ug is in Futg(p) and g is in Y. Every word u 
of A* such that ua = g labels a computation of C with source (X,Y) and 
destination (Xg,g~tY), a final state of Uz, since 1g € g-lY. Hence u is 
accepted by C. 

We can repeat this construction for each g in P and finally obtain a set 
of balls of Uz that recognise all of L and each of which has complexity less 
than or equal to at least one ball in 5. The complexity of the set is at most 
equal to that of 5, which was assumed to be minimal. Q.E.D. 
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7.3 Star height of reversible languages 


The method of the proof of Theorem 7.10 can be both deepened and gen- 
eralised in order to settle the question of star height for a larger class of 
languages. 


Definition 7.17. An automaton A is reversible if the letters induce partial 
bijections on the set of states, that is, if for every state p and every letter a, 
card(p>a) < 1 and card(a < p) <1. 


A language is reversible if it is recognised by a reversible automaton. 


Remark 7.18. A reversible automaton may be not deterministic, nor co- 
deterministic, for the definition puts no restriction on the number of initial 
or final sates. 

The minimal automaton of a reversible language may be not reversible. 
Nevertheless, given an automaton, it can be decided (in polynomial time) 
whether the language it accepts is reversible or not (see [24]). It is to be 
stressed that this decision procedure does not yield a reversible automaton 
for a regular language that is determined to be reversible but only the 
information that such a reversible automaton exists. 


Theorem 7.19 (Lombardy-Sakarovitch, [20]). The universal automaton of 
a reversible language contains an equivalent subautomaton of minimal loop 
complexity. 


The subautomaton quoted in this result is not necessarily reversible, but 
it is ‘not far’ of being so. We then introduce a weaker notion for automata, 
that will not change the class of accepted languages and that will be useful 
for both the statement and the proof of the result. 


Definition 7.20. An automaton A is quasi-reversible if for every state p 
and every letter a the following holds: 


(i) if card(p> a) > 1, none of the states in p> a is in the same ball as p; 
(ii) if card(a <p) > 1, none of the states is a < p is in the same ball as p. 


Quasi-reversible automata will be analysed by means of the following 
decomposition. 


Definition 7.21. Let A be an automaton. A subautomaton B of A is a 
A-constituent if the following holds: 


(i) any ball of A is either contained in, or disjoint from, B; 


(ii) there is at most one incoming transition to, and one outgoing transi- 
tion from, every ball of B; 
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(iii) B has one initial state and one final state. 


It follows from the definition that every finite automaton A has a finite 
(but exponential) number of A-constituents and that any A-constituent of 
a quasi-reversible automaton A is a reversible automaton. It then holds: 


Proposition 7.22. The language accepted by a quasi-reversible automaton 
is reversible. 


We can now give the main result of this section its true form. 


Theorem 7.23 (Lombardy, [17]). The universal automaton of a reversible 
language contains an equivalent quasi-reversible subautomaton of minimal 
loop complexity. 


The overall scheme of the proof is illustrated by the figure below. 


(~ we (decomposition a = 


constituants ----+5 
reversible | A- 


FE ee 


Unknown (Dr) reversible 


“ Known 


foe. em cis Ur J 


| minimal automaton} 


universal automaton/ 
oe L 


FIGURE 16. The construction underlying the proof of Theorem 7.23 


Let L be a reversible language. We know that there exists an unknown 
automaton A that recognizes this language and there exists an unknown 
automaton 6 that recognizes this language with a minimal loop complexity. 
On the other side, we can build the minimal automaton Az of the language 
and the universal automaton Uz. We know that there exists a morphism y 
from B into Uz. Notice that the image of B by y may have a loop complexity 
greater than the loop complexity of B. 

Thanks to the reversible automaton A, we decompose L into a union 
of sub-languages, and we prove that the images of the computations in 6 
labeled by these sub-languages give a subautomaton of Uz which is both 
quasi-reversible and with minimal loop complexity. 
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To prove the theorem, we must give first a more precise description of 
the structure of the universal automaton. 


7.3.1 The universal automaton of a reversible language 


To handle the particular structure of the universal automaton of a reversible 
language, we consider the construction of the universal automaton from a 
reversible automaton A with set of states Q. From Proposition 5.4, every 
state of the universal automaton is an upset of $ (Q). 


Every upset is characterized by the anti-chain of its minimal elements. 
The shape of an upset R of $ (Q) is a |Q| + l-uplet s(R) of integers such 
that, for every k € [0;|Q|], s(22)x is the number of subsets of Q with cardinal 
k among minimal elements of R. We define a lexicographic order on shapes: 


s(R) < s(R) <= 
k € [0;|Q|], Vl € [0;k — 1] s(R), =s(R'ı and s(R)ẹk < s(R’)p. 


Proposition 7.24. If there is a path in the universal automaton from a 
state with index R to a state with index R’, then s(R) < s(R’) 


Proof. Let w be the label of the path. The state R’ contains {X > w | X € 
R}. For every minimal element X in R, either X > w has the same cardinal 
as X, or it has a smaller cardinal. 

If there is some X such that |X > w| < |X|, thanks to the reversibility 
of A there is no X’ such that X’ > w = X > w and |X’| = |X” > w|, hence, 


s(R) < s(R’). Otherwise, let M be the set of minimal elements of R; the 
set {X > w | X € M} is a subset of the set of minimal elements of R’ and 


s(R) < s(R’). Q.E.D. 


Proposition 7.25. The balls of the universal automaton of a reversible 
language are reversible. 


Proof. Let R and R’ be two such states. Let u be a word that labels a 
path from R to R’ and let v be a word that labels a path from R’ to R. 
By Proposition 7.24, two states that belong to the same ball have the same 
shape. In this case, if M the set of minimal elements of R, for every X 
in M, Y = X > u is a minimal element of R’ and |Y| = |X|. Thanks to 


the reversibility, the mapping from M into the minimal elements M’ of 
R’ is injective. Likewise, there is an injective mapping from M’ into M. 
Therefore, the word u induces a bijection between M and M’; as these 
minimal elements characterize states, the balls are reversible. Q.E.D. 
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Corollary 7.26 (Cohen, [4]). If L is a reversible language recognised by a 
reversible minimal automaton with only one final state, then the minimal 
automaton has a minimal loop complexity. 


Actually, in this case, the universal automaton is the minimal automaton 
itself and the only subautomaton that accepts the langugae is the complete 
universal automaton. 


7.3.2 Proof of Theorem 7.23 

We begin with a series of definitions and notation that allow us to describe 
a decomposition of a language according to an automaton that accepts it 
and to state a property of the constituents of that decomposition. This is 
indeed an adaptation of a method devised by Hashiguchi in [12]. 


Definition 7.27. Let A be a reversible automaton that accepts L. 


(i) We say that a word w is an idempotent for A if, for every state p, 
pèw =por pèw = Ø. 


(ii) Let C be a trim A-constituent with m balls. The marker sequence of 
C is the 2m-uple (pi, q1, ---, Pm, qm) such that p; (resp. qi) is the first 
(resp. last) state of the ith ball crossed by any computation. 


(iii) A A-constituent with marker sequence (p1, q1,- -, Pm, qm) accepts the 
language vo Hv; H2...Um—1Hmvm, where H; is the language of labels 
of paths from p; to qi. 


(iv) We denote by W; the set of idempotents for A that label a circuit 
around pj. 


FIGURE 17. A marker sequence 


Lemma 7.28. Let A be a reversible automaton and C a trim A-constituent 
with m balls. Let B be any automaton equivalent to A. 

Then, there exist m states r1, r2,...,%m in B such that, with the above 
notation, the following holds: 


vo Wp, N Pastg(ri) £ Ø, Hm Um N Futg(rm) 4 2, 
and, Vi € [l;m—-1|] (H; vi Wp,) O Transg(ri, ri + 1) 4 Ø. 
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For every i in [1; m], for every circuit around p; labeled by a word v, there 
exists a circuit around r;, labeled by a word u vw, where u is in Wp, and w 
in A*. 


Proof. There exists an integer k such that, for every word v € A*, the image 
of vë is an idempotent for A. Let n be the number of states of B. Let l 
be an integer that will silently index the sets we define now. For every 
i € [1; ml], let C; be the set of words of length smaller than l that label a 
circuit around p; in A. Let w; be the product of all kth power of words 


in Ci: 
Wi = II yë . 
vECy 


For every vou -Um in the A-constituent, 
w = vo(w) U1 01 (we) U2...(Wm)"UmUm 


is in the A-constituent as well. Hence, there is a successful computation 
labeled by w in B. As B has only n states, this path contains, for every i, 
a loop labeled by a power of w; around a state r; of B. The m-tuple 
r = (r1, r2,- .., Tm) verifies i) and ii) for y shorter than l. If we consider the 
infinite sequence rr), ..., we can find an m-tuple that occurs infinitly 
often and that verifies the lemma. Q.E.D. 


n-i1—ji 
Wy 


yi () w uw? () wim 


FIGURE 18. A witness word for a A-constituent. 


We can now proceed to the proof of Theorem 7.23. We consider a set 
C of A-constituents such that every element of C accepts at least one word 
that is not accepted by the other elements of C and such that the union of 
elements of C is equivalent to A. 

Let D be an element of C and let p1, q1, P2,- .-,qm be the marker se- 
quence of D and let u = vouw... Up be a word accepted only by D in 
C, with v; labelling a path from qi—ı to p; and u; a path from p; to qi. 
Let r1,T2,...,Tm be the states of B defined in Lemma 7.28 w.r.t the A- 
constituent D and w1,..., Wm be the idempotents defined in the proof of 
the lemma. Let y be a morphism from B into the universal automaton. 
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We deal with the strongly connected component of r;, for i € [1; m]. 
Let s; = y(r;) and P; be the ball of Uz containing s;. There exist integers 


hi,..-, hm (resp. l,...,lm) such that the word x = vow huv A „wh 


(resp. y = wt uivi ai whet ea uy) is in the past (resp. the future) of r; and 
thus of s;. 

(i) The morphism ¢ is conformal on P;. Let C be a path of P;. We 
can assume, up to make it longer, that this is a circuit around s; and, up 
to take it several times, that it is labeled by an idempotent for A: z. The 
word «zy is in L; every A-constituent that accepts this word accepts also 
xy, therefore xzy is accepted only by D in C. As D is reversible, x labels 
a path from the initial state to p;, y a path from p; to the final state and 
z a circuit around p;. Therefore, from Lemma 7.28, there exist a word w 
idempotent for A and a word v such that wzv labels a circuit around r;. 
The image of this circuit is a circuit around s;. As w is an idempotent for A, 
it is an idempotent in the syntactic monoid; hence for every k, w*zv labels 
a circuit, if k is large enough, this circuit contains a sub-circuit labeled by 
a power of w, as the ball is reversible, this power labels a circuit around s;, 
and as w is an idempotent, it labels itself a circuit around s;. As balls are 
deterministic, the circuit C around s; is the image of the part of the circuit 
around r; labeled by z. Thus the morphism y is conformal onto P; which 
have a loop complexity not greater than the loop complexity of B. 

(ii) The images of the words linking balls in B contain no cir- 
cuit. The word wujowi! is in Transg(ri, ri+1) thus in Transy, (Si, Si+1). 
Let s; = (X;, Y;) and let t; = (X/, Y/) be the state in P; such that u; is in 
Transy, (si, ti). By definition of the universal automaton: 


li Ags 
XW; UiViWiti Yi41 C L. 


The words w; and wi+ı are idempotents and L is reversible, therefore it 
holds X;uj;vi¥i41 C L, and X} is the smallest left factor that contains X;u;, 
hence Xjv;Yi41 C L Thus there exists a path labeld by v; from t; to s;41. 
This holds for every i in [1; k— 1]. We prove the same way, that there exists 
a path from an initial state to sı labeled by vg and a path from sm to a 
final state labeled by um. 

If one of the intern states of one of these paths labeled by v; belongs to a 
ball, the word v; can be factorised into x;y; and there exists an idempotent w 
for A such that 


VOUIVI «. . UZLT{WYiUi41Vi41 - - - UkUk EL. 


It can only be accepted by D, which would imply the existence of a circuit 
between qi and p;41. 
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(iii) The subautomaton obtained in Uz accepts every word ac- 
cepted by D. Such a word can be factorised into voujvisu vk, with p; > 


u; = qi. There exists a word w; such that uw; is an idempotent and both 
uiw; and u/w;, label circuits around p;. As above, these words label circuits 
around s; and, as the ball is co-deterministic, the path from s; labeled by 
u; ends in the same state as the one labeled by uj, i.e. ti. 

(iv) This subautomaton is reversible. The balls of the universal au- 
tomaton are reversible. Between every ball, there is only one path in the 
automaton, by construction. If there exists a letter a that labels two in- 
coming transitions of s;, this letter is the last one in v; and there exists a 
circuit around p; with a as last letter, which is a constradiction with the 
reversibility of D. Hence, this subautomaton is co-deterministic; likewise, 
it is deterministic. 

(v) Conclusion of the proof. For every constituent of A, we prove that 
there exists a subautomaton of the universal automaton, with a loop com- 
plexity not greater than the star height of the language, and that accepts 
every word accepted by the constituent. The superposition of all these sub- 
automata of the universal automaton gives a subautomaton of the universal 
automaton that recoginzes the language. More, every ball intersected by 
one of these subautomata is entirely included in the subautomaton, hence, 
the loop complexity of the superposition is not greater than the maximal 
loop complexity of the superposed automata. Therefore the superposition 
is a subautomaton of the universal automaton that have a minimal loop 
complexity for the language. 

Moreover, as every superposed automaton is reversible, the superposi- 
tion is a quasi-reversible automaton. That proves that, for every reversible 
language, there exists a quasi-reversible automaton, with minimal loop com- 
plexity, and that is a subautomaton of the universal automaton. 


8 Conclusion 


The aim of this paper is to show the soundness of the notion of universal au- 
tomaton and its various applications. Its large size leads to algorithms with 
poor complexity, but it is a good theoretical framework to state different 
kinds of problems on regular languages. 

We end this survey with an open question about star height. We have 
said that, roughly speaking, the universal automaton of a language contains 
every automaton that accepts this language. This is true up to morphic 
image, but morphisms do not preserve loop complexity. This is the reason 
why in the general case, we do not know how to prove the following extension 
of Theorems 7.10 and 7.19: The universal automaton of a regular language 
contains a subautomaton with a minimal loop complexity for this language. 
The universal automaton has not revealed all its secrets. 
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Abstract 


In strong contrast to their non-deterministic counterparts, deter- 
ministic top-down tree automata received little attention in the sci- 
entific literature. The aim of this article is to survey recent and less 
recent results and stipulate new research directions for top-down de- 
terministic tree automata motivated by the advent of the XML data 
exchange format. In particular, we survey different ranked and un- 
ranked top-down tree automata models and discuss expressiveness, 
closure properties and the complexity of static analysis problems. 


1 Introduction 


The goal of this article is to survey some results concerning deterministic 
top-down tree automata motivated by purely formal language theoretic rea- 
sons (past) and by the advent of the data exchange format XML (present). 
Finally, we outline some new research directions (future). 


The Past. Regular tree languages have been studied in depth ever since 
their introduction in the late sixties [10]. Just as for regular string languages, 
regular tree languages form a robust class admitting many closure properties 
and many equivalent formulations, the most prominent one in the form of 
tree automata. A striking difference with the string case where left-to-right 
equals right-to-left processing, is that top-down is no longer equivalent to 
bottom-up. In particular, top-down deterministic tree automata are strictly 
less expressive than their bottom-up counterparts and consequently form a 
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strict subclass of the regular tree languages. Furthermore, deterministic top- 
down tree automata do not enjoy many of the important closure properties. 
For instance, they are neither closed under union nor under complement. 
Several variants of deterministic top-down tree automata models have 
been introduced of which the one defined in [10, 7] is considered to be the 
standard one: the states assigned to the children of a node depend solely 
on the label and the state at the current node. We refer to these automata 
as ‘blind’ because they cannot see the label of the children when assigning 
states to them. A natural extension would therefore be to make automata 
‘sensing’ by allowing them to see those labels. The latter model is more 
expressive than the former and both can be characterized by closure under 
a subtree exchange property. Using the latter property it becomes very 
easy to show that the models are neither closed under union nor under 
complement. The [-r-determinism for top-dowm tree automata introduced 
by Nivat and Podelski [17] and defining the homogeneous tree languages 
is strictly more expressive than blind automata and incomparable to sens- 
ing ones. Both blind and sensing tree automata allow for tractable static 
analysis: emptiness, containment and minimization are in PTIME. 
The Present. XML, which stands for the eXtensible Markup Language, 
is a standard defined by W3C [4] for data exchange over the internet. From 
an abstract viewpoint, XML data or XML documents can be represented by 
finite labeled unranked trees where unranked means that there is no a priori 
bound on the number of child nodes a node can have. In a data exchange 
scenario not every XML document is allowed and the structure of XML doc- 
uments is usually restricted to adhere to a specified schema. Many schema 
languages for XML exist of which the most prominent ones are DTD [4], 
XML Schema [20], and Relax NG [6]. In formal language theoretic terms, 
every schema defines an unranked tree language. This XML setting mo- 
tivated Briiggemann-Klein, Murata, and Wood to develop a theory of un- 
ranked tree automata, an endeavor already initiated in the late sixties by 
Thatcher [21]. For deterministic top-down unranked tree automata there 
is again the difference between the blind and the sensing variant. Further- 
more, as nodes can have arbitrarily many children it is natural to consider 
two variants of sensing automata. The first variant is an online one: given 
the state and the label of its parent, the state of a child only depends on its 
label and the labels of its left-siblings. The variant is called online as child 
states are assigned when processing the child string in one pass from left to 
right. In contrast, the offline variant first reads the complete child string 
and only then assigns states to all children. All three models can again be 
characterized in terms of closure under specific forms of subtree exchange. 
These properties can be used to show that blind, online, and offline sensing 
are increasingly more expressive and that neither of the models is closed 
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under union and complement. Interestingly, online sensing top-down tree 
automata suffice to express all DTDs and XML Schema, Definitions. Fur- 
thermore, they correspond precisely to the unranked regular tree languages 
admitting one-pass preorder typing [14]. In this context, typing means the 
assignment of the correct state to each node. So, online sensing determin- 
istic top-down tree automata capture precisely the schemas which can be 
validated and typed in a one-pass fashion. A difference with the binary case 
is that minimization is NP-complete for offline sensing top-down automata, 
while it is in PTIME for online sensing top-down automata. Minimization 
for blind automata is in NP but the precise complexity is unknown. 

The Future. From a theoretical point of view, there is a schema language 
superior to XML Schema: Relax NG is more expressiveness than XML 
Schema and it is closed under the Boolean operations. Nevertheless, XML 
Schema is the language endorsed by W3C and therefore supported by the 
major database vendors. It constitutes deterministic top-down processing 
as its basic validation mechanism. As mentioned before, XML Schema lacks 
the most basic closure properties. From the viewpoint of model manage- 
ment [1] or schema integration, especially the inability to express the union 
of two schemas is a serious defect. From a formal language theory perspec- 
tive, Jurvanen, Potthof, and Thomas proposed regular frontier checks as a 
general extension of deterministic top-down automata [12]. In particular, 
the acceptance condition is determined by a regular string language F over 
states added to the model. A tree is then accepted when the string formed 
by the states assigned to the frontier of the tree is in F. Although this 
formalism is expressive enough to define union and complement it is less 
convenient as an addition for a schema language. It would therefore be in- 
teresting to come up with a convenient top-down deterministic model closed 
under the Boolean operations. We discuss this and other future directions 
like optimization and automatic inference problems in the Conclusions. 
Outline. The article is further organized as follows. In Section 2, we in- 
troduce the necessary notation. In Section 3 and 4, we discuss ranked and 
unranked deterministic top-down models, respectively. Finally, in Section 
5, we consider regular frontier checks. 


2 Preliminaries 
2.1 An abstract notation for automata 


We first explain the generic automata notation that we shall use throughout 
the paper. For a finite set S, we denote by |S] its number of elements. By 
x we always denote a finite alphabet. We consider different types of data 
structures built from X like strings, binary trees, or unranked trees. We 
write Dy for the set of all data structures of the given type that can be 
built from X. For every d € Dy, we shall define a set Nodes(d), a designated 
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element root(d) € Nodes(d), and a designated set Frontier(d) C Nodes(d). 
Here, root(d) will be the root of a tree or the first symbol of a string; 
Frontier(d) will be the set of leaves in a tree or the last symbol of a string. 

To address automata in a uniform way for the different data structures, 
we first define them in abstract terms to instantiate them later operating 
on strings, trees, and unranked trees. 


Definition 2.1. A finite automaton over & is a tuple 
A = (States(A), Alphabet(A), Rules(A), Init(A), Final(A)), 


where States(A) is a finite set of states, Alphabet(A) = © is the finite 
alphabet, Rules(A) is a finite set of transition rules, Init(A) C States(A) is 
the set of initial states, and Final(A) C States(A) is the set of final states. 


The size of A, denoted by |A|, is a natural number, which by default 
will be the number of states of A unless explicitly stated otherwise. A 
run of an automaton A on a data structure d € Dajphabet(a) Will always 
be defined as some function of type r : Nodes(d) — States(A). For each 
kind of automaton, we shall define when a run is accepting. Then, the 
language L(A) of an automaton is the set of data structures d that permit 
an accepting run.We call a finite automaton unambiguous if, for every d, 
there exists at most one accepting run of A on d. 

We consider the following static analysis problems: 


e Emptiness: Given a finite automaton A, is L(A) = Ø? 
e Containment: Given two finite automata A and B, is L(A) C L(B)? 


e Minimization: Given a finite automaton A and integer k, does there 
exist an automaton B (of the same class as A) such that L(A) = L(B) 
and |B| < k? 


In the remainder of the paper, we shall use the letters a, b,c,... to range 
over alphabet symbols and we shall use p,q,... to range over states. 


2.2 Strings and trees 


By No we denote the set of nonnegative integers and by N the set of positive 
integers. We call a € © a H-symbol. A S-string (or simply string) w € X* 
is a finite sequence a,---a, of U-symbols. We denote the empty string by 
E. 

The set of positions, or nodes, of a X-string w is Nodes(w) = {1,... n}. 
The root of w is root(w) = 1 and the frontier of w is Frontier(w) = {n}. 
The length of w, denoted by |w], is n. The label a; of node i in w is denoted 
by lab” (i). 
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A tree domain N is a non-empty, prefix-closed subset of N* satisfying 
the following condition: if ui € N for u € N* andi € N, then uj € N 
for all j with 1 < j < i. An unranked X-tree t (which we simply call 
tree in the following) is a mapping t : Nodes(t) — X where Nodes(t) is 
a finite tree domain. The elements of Nodes(t) are called the nodes of t. 
For u € Nodes(t), we call nodes of the form ui € Nodes(t) with i € N the 
children of u (where ui is the ith child). The root of a tree is root(t) = 
€ and the frontier of a tree is its set of nodes with no children, that is, 
Frontier(t) = {u | ul ¢ Nodes(t)}. For a tree t and a node u € Nodes(t), 
we denote the label t(u) by lab* (u). If the root of t is labeled by a, that is, 
lab‘(e) = a, and if the root has k children at which the subtrees t,,..., tp 
are rooted from left to right, then we denote this by t = a(ti---t,). In 
the sequel, we adopt the following convention: when we write a tree as 
a(t, ---tn), we tacitly assume that all ¢;’s are trees. The depth of a node 
i1- in E€ N* in a tree is n+ 1. The depth of a tree is the maximum of 
the depths of its nodes. We denote the set of unranked -trees by Ty. By 
subtree’(u) we denote the subtree of t rooted at u. For two D-trees tı and 
t2, and a node u € Nodes(t1), we denote by ti[u + tg] the tree obtained 
from tı by replacing its subtree rooted at u by t2. A tree language is a set 
of trees. 

A binary alphabet or binary signature is a pair (%,ranky), where ranks 
is a function from © to {0,2}. The set of binary X-trees is the set of X- 
trees inductively defined as follows. When ranky(a) = 0, then a is a binary 
b-tree. When ranky(a) = 2 and ¢1,t2 are binary S-trees, then a(tit2) is a 
binary -tree. 


2.3 Finite string automata 


We instantiate our abstract notion of finite automata over strings: 


Definition 2.2. A finite string automaton (FSA) over © is a finite automa- 
ton over © where Rules(A) is a finite set of rules of the form q £, q2 with 
q1, q2 € States(A) and a € Alphabet(A). 


A run of A on a string w € Alphabet(A)* is a mapping r : Nodes(w) > 
States( A) such that 


(i) there exists qo € Init(A) with qo > r(1) in Rules(A) for lab” (1) = a; 
and, 


(ii) for every i = 1,...,|w| — 1, it holds that r(i) “ r(i +1) in Rules(A) 
where lab” (i + 1) = a. 


A run r is accepting if r(|w|) € Final(A). An FSA A is deterministic if it 
satisfies the following two conditions, implying that no string permits more 
than one run by A: 
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(i) Init(A) is a singleton; and, 


(ii) for every qı € States(A) and a € Alphabet(A), there exists at most 
one rule q2 € States(A) such that q1 “> q is in Rules(A). 


We denote by DFSA be the class of deterministic finite string automata. 


2.4 Exchange properties for tree languages 


We define several of the exchange properties for tree languages that we 
use in the following sections to characterize the expressive power of tree 
automata. 


2.4.1 Path-closed languages 
A well-known characterization of tree languages recognizable by a class of 
top-down deterministic tree automata is the one of path closed languages 
by Virágh [23]. The path language of a tree t, denoted Path(¢), is the set of 
strings 

lab(e)ijlab(i1) ---  tplab(ii---tn), 


for nodes 71, i1%2,...i1+++in in Nodes(t).! The path langauge of a tree lan- 
guage L, denoted Path(L), then is the union of the path languages of its 
trees, that is, Path(L) = U,<, Path(t). The path closure of a tree language 
L is defined as P-Closure(L) = {t | Path(t) C Path(Z)}. Finally, a tree 
language L is path-closed when P-Closure(L) C Path(L). 

Nivat and Podelski argued that path-closed languages can also be char- 
acterized using the following subtree exchange property [17]. A regular 
tree language L is path-closed if and only if, for every t € L and every node 
u € Nodes(t), 


if tlu — a(tı,...,tn)] E€ L and t[u — a(sı,...,Sn)] € L, then 


tlu — a(ti,...,$i,---,tn)] € L for each i = 1,...,n. 


This subtree exchange closure for path-closed languages is illustrated in 
Figure 1. In the remainder of the article, when we say that a language is 
path-closed, we shall always refer to this closure under the just mentioned 
exchange property. 


2.4.2 Guarded subtree exchange 

For a node v = uk in a tree t with k € N, we denote by lsib-str’(v) the 
string formed by the label of the v and the labels of its left siblings, that 
is, lab’(ul)-+-lab‘(uk). By r-sib-str’(v) we denote the string formed by 
v and its right siblings, that is, lab’(uk)---lab’(un), if u has n children. 
1 We tacitly assume here that DMN = Ø. 


2 Actually, Nivat and Podelski only considered path-closedness on ranked trees, but it 
is easy to see that the properties are also equivalent on unranked trees. 
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FIGURE 1. Various kinds of subtree exchange properties for tree languages. 


We define lsib-str’(e¢) = r-sib-str’(e) = lab‘ (e). Let v = iriz- -ig with 
i1,i2,...,i¢ E N. Let # and V be two symbols not in X. By anc-l-sib-str' (v) 
we denote the ancestor-left-sibling-string 


Lsib-str’ (c)#1-sib-str’ (i1)# --- #l-sib-str (iiiz - - ie), 
formed by concatenating the left-sibling-strings of all ancestors of v, starting 
from the root. By spine’(v) we denote the ancestor-sibling-string 
Lsib-str’ (e) Vr-sib-str’ (¢)#1-sib-str’(i,) Vr-sib-str’ (i;)# - - - 
-- - #l-sib-str' (ii - «+ ig) Vr-sib-str’ (iriz - - - ig) 
formed by concatenating the left-sibling-strings and right-sibling strings of 


all ancestors of v, starting from the root. 
We say that a tree language L is ancestor-left-sibling-closed® if whenever 


3 This property was called “closure under ancestor-sibling-guarded subtree exchange” 
in [14]. 
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for two trees t1,t2 € L with nodes u; € Nodes(t;) and ug € Nodes(t2), 
anc-l-sib-str’!(u;) = anc-l-sib-str° (u2) implies ti [ui — subtree’? (u2)] € L. 
We say that L is spine-closed if spine" (u1) = spine’?(u2) implies ti [uy — 
subtree’?(uz)] € L. The latter notions are illustrated in Figure 1. 


3 Top-down automata on binary trees 


As we consider in this section automata over binary trees, we take © as 
a binary alphabet. We define two flavors of top-down determinism. The 
first is the traditional one, such as defined, for example, by Gecseg and 
Steinby [9] and in the on-line textbook TATA [7]. In brief, the label of the 
current symbol and the current state uniquely determine the states assigned 
to the children of the current symbol (Definition 3.1). The second notion of 
top-down determinism is slightly more expressive. Here, the states assigned 
to the children of the current node are determined by the current node’s 
label, the state assigned to the current node, and the labels of the children 
(Definition 3.2). The latter notion of top-down determinism is reminiscent 
to the notion of “l-r-determinism” studied by Nivat and Podelski [17], and 
similar notions of top-down determinism on unranked trees have been stud- 
ied by Cristau, Léding, and Thomas [8] and by Martens [13]. We refer to 
the first kind of automata as blind and to the second as sensing. 


Definition 3.1. A blind top-down finite tree automaton (BTA) is a finite 


automaton A such that Rules(A) is a set of rules 


(q,a) — (41,92) or (q,a) > €. 


A run of A on a binary }-tree t is a mapping r : Nodes(t) — States( A) such 
that 


(i) r(e) € Init(A); 
(ii) for each leaf node u with label a, (r(u),a) —> € is in Rules(A); and 


(iii) for each non-leaf node u with label a, (r(u),a) > (r(u1),r(u2)) is in 
Rules(A). 


Ifa run exists, it is accepting. We say that a BTA is (top-down) deterministic 
if Init(A) is a singleton and no two of its rules have the same left-hand sides. 


Definition 3.2. A sensing top-down finite tree automaton (STA) is a finite 
automaton A such that Rules(A) is a set rules of the form 


a—>q or q(ai1,a2) > (41,42). 


For an STA A, we have that Init(A) = {q | a — q € Rules(A)}. A run of A 
on a binary -tree t is a mapping r : Nodes(t) — States(A) such that 
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FIGURE 2. Closure property for homogeneous tree languages. 


(i) if r(e) = q and lab(£) = a then there is a rule a — q € Rules(A), and 


(ii) for each non-frontier node u, if r(u) = q, lab(w1) = a1, and lab(u2) = 
az, then there is a rule q(ai, a2) —> (r(u1), r(u2)) in Rules(A). 


The run is accepting if, for each leaf node u, r(u) € Final(A). We say that 
an STA is deterministic if no two of its rules have the same left-hand sides. 


3.1 Relative expressive power 


It is well-known that top-down automata cannot recognize all regular tree 
languages. In this section, we compare several forms of top-down determin- 
ism that have been investigated with respect to their expressive power. 


3.1.1 Homogeneous languages 

Nivat and Podelski defined a notion of top-down determinism that they 
called I-r-determinism. This form of determinism will not be treated very 
deeply in this article, as it does not correspond to the order in which one 
would like to process trees in an XML context. We use their characterization 
in terms of closure under subtree exchange to formally argue this. Nivat and 
Podelski define a BTA A to be ]-r-deterministic if whenever (q,a) > (q1, q2) 
and (q,a) —> (q1, 494) is in Rules(A) then 


e qı Æ qi implies that L(Aļq2]) U L(Afq4]) = Z and 
e q2 # qh implies that L(A[q]) U L(Afqi]) = Ø. 


Here, for q = q1, q2, 91, qh, Alq] denotes automaton A in which Init(A) = {q}. 
We shall, however, focus on a characterization of the languages accepted by 
l-r-deterministic tree automata which is, for our purpose, more workable. 

A regular tree language L is homogeneous if, whenever t|u — a(t, t2)] € 
L, tlu — a(sı,t2)] € L, and t[u — a(tı, s2)] € L, then also t[u — a(sı, s2)] € 
L. This closure under subtree exchange is illustrated in Figure 2. 


3.1.2 The characterization 


We characterize the expressiveness of the tree automata models by the clo- 
sure properties introduced in Section 2.4. 
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FIGURE 3. A homogeneous language that is not spine-closed. 


Theorem 3.3 (Characterization Theorem). A regular tree language L 
is recognizable by 


(1) a deterministic BTA if and only if L is path-closed. 
(2) an br-deterministic tree automaton if and only if L is homogeneous. 
(3) a deterministic STA if and only if L is spine-closed. 


Theorem 3.3(1) is known from, e.g., Virágh [23] and from Gecseg and 
Steinby [10]. Theorem 3.3(2) is Theorem 2 in the work by Nivat and 
Podelski [17]. Finally, Theorem 3.3(3) is proved by Cristau, Löding, and 
Thomas [8] and by Martens [13] for more general unranked tree automata 
with this form of top-down determinism. It should be noted that Cristau et 
al. did not explicitly use a subtree exchange property for spine-closedness 
but an equivalent closure property that considers the spine language of a 
tree (as in the original definition of path-closedness). 


Corollary 3.4. 


(1) l-r-deterministic tree automata are strictly more expressive than deter- 
ministic BTAs. 


(2) Deterministic STAs are strictly more expressive than deterministic 
BTAs. 


(3) Deterministic STAs and |-r-deterministic tree automata are incompara- 
ble w.r.t. expressive power. 


Proof. (1) It is easy to see that every path-closed language is homogeneous. 
Furthermore, the language {a(b, b),a(c,c)} is homogeneous but not path- 
closed. 

(2) It is easy to see that every path-closed language is also spine-closed. 
Furthermore, the language {a(b, b), a(c, c)} is spine-closed but is not path- 
closed. 

(3) The language {a(a(b, b), a(c,c)), a(a(c, c), a(b, b)) } is homogeneous but 
not spine-closed (see also Figure 3). The language {a(b, b), a(b, c), a(c, b)} is 
spine-closed but not homogeneous. Q.E.D. 
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3.1.3 L-R-determinism versus top-down state assignment 

Figure 3 depicts a finite language L which is homogeneous but not spine- 
closed. So, L can be recognized by an |-r-deterministic tree automaton but 
not by a deterministic STA. 

One easily obtains infinite languages with this property. Indeed, let Lẹ 
and Le be the set of trees in which every internal node is labeled a and 
every leaf is labeled b and c, respectively. The language Ly. now consists of 
all trees a(ty,t.) and a(te, ta) for which ty € Lẹ and te € Le. Clearly, Lec is 
homogeneous. 

We now want to argue informally that, for any tree automaton A rec- 
ognizing Lbc, the state that A assigns to each of the two children of the 
root in an accepting run cannot be determined without looking arbitrarily 
deep into at least one subtree of the root. In other words, this means that 
there is at least one child u of the root such that A needs to investigate the 
subtree rooted at u before assigning a state to u. This is something what 
is not commonly associated with “top-down determinism” . 

Let A be a tree automaton that recognizes the language Lebe. Let n be 
an arbitrarily large natural number and let a(t,,t.) be a tree in Ly. such 
that every path from root to leaf in tẹ and te has length at least n + 1. 
This way, tẹ and te are identical up to depth n. Towards a contradiction, 
suppose that A does not investigate tẹ or te arbitrarily deep, i.e., not up to 
depth n, before assigning a state to the root of tẹ (the argument for te is 
the same). More formally, assume that the state A assigns to the root of 
ta is functionally determined by the structure of tẹ and te up to depth at 
most n — 1. Let rı be an accepting run of A on a(ty,t.) and let rg be an 
accepting run of A on a(te, ty). As A does not investigate ty or te arbitrarily 
deep, rı assigns the sames state to the root of tẹ in a(t, te) as rg assigns to 
the root of te in a(t.,t)). As A is a tree automaton, it is now easy to see 
that a(te, te) is also in L(A), with the accepting run that behaves as rp on 
the left copy of te and as rı on the right copy of te. This contradicts that 
A accepts Loe. 

Therefore, our focus in the remainder of the article will be on deter- 
ministic BTAs and deterministic STAs, rather than |-r-deterministic tree 
automata. 


3.2 Closure properties 


The characterization theorem can easily be used to show that deterministic 
top-down tree automata are not closed under complement and union. 


Theorem 3.5. 


(1) Deterministic BTAs and deterministic STAs are closed under intersec- 
tion. 
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(2) Deterministic BTAs and deterministic STAs are not closed under com- 
plement or union. 


Proof. (1) This follows immediately from the standard product construc- 
tion for tree automata. One merely has to observe that the intersection 
construction preserves the determinism constraint for BTAs and STAs. 

(2) These results can be proved quite directly from the characterizations in 
Theorem 3.3. Indeed, let Ly (resp., Le) be the tree language over alphabet 
{a,b,c} in which every internal node (i.e., with two children) is labeled a 
and every leaf is labeled b (resp., c). The languages La and Le are easily 
seen to be recognizable by deterministic BTAs. 

On the other hand, the union Ly U Le, the set of all trees in which every 
internal node is labeled a and either all leaves are labeled b or all leaves 
are labeled c is not spine-closed. Hence, Lẹ U Le is not recognizable by a 
deterministic STA, which means that deterministic BTAs and deterministic 
STAs are not closed under union. From closure under intersection and non- 
closure under union we can readily conclude non-closure under complement. 

Q.E.D. 


3.3 Static analysis 
In this section, we shall prove the following theorem: 


Theorem 3.6. 
(1) Emptiness is in PTIME for BTAs and STAs. 


(2) Containment is in PTIME for deterministic BTAs and deterministic 
STAs. 


(3) Minimization is in PTIME for deterministic BTAs and deterministic 
STAs. 


Proof. (1) It is well-known that emptiness is in PTIME for (non-determin- 
istic bottom-up) tree automata in general [7]. Therefore, emptiness is also 
in PTIME for deterministic BTAs and deterministic STAs. 

(2) It is easy to see that deterministic BTAs and deterministic STAs and 
intersections thereof are in fact unambiguous tree automata. The result now 
follows from the work by Seidl, who proved that equivalence of unambiguous 
tree automata is in PTIME [18]. 

(3) For deterministic BTAs, this follows from the work by Gecseg and 
Steinby [9]. Although their work does not explicitly concern complexity, 
they prove that minimization for deterministic BTAs can be polynomially 
reduced to equivalence/containment for deterministic BTAs. As contain- 
ment for deterministic BTAs is in PTIME by part (2), we also have that 
minimization is in PTIME. 
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(1) Reduce A, that is, 


(a) remove all states q from A for which L(A[q]) = Ø; and then 


(b) remove all states q from A which are not reachable from Init(A). 


(2) Test, for each p Æ q in States(A), whether L(A[p]) 
If L(A[p]) = L(Al[g]), then 


(a) replace all occurrences of p in the definition of A by q and 


(b) remove p from A. 


FIGURE 4. The Minimization Algorithm. 


To explain their algorithm, we start by discussing a minor optimization 
matter for tree automata. For an automaton A and q € States(A) we denote 
by Alq| the language accepted by A when Init(A) = {q}.4 We say that q is 
reachable in A if one of the following holds: 


e q € Init(A) or 


e p is reachable and there is a rule of the form (p,a) — (q1,q2) or 
plaı,a2) > (q1, q2) in Rules(A), where q = qi or q = q2. 


We now say that A is reduced if, every state q is useful, that is, q is reachable 
and L(Aļq]) # Ø. Algorithmically, one would convert a tree automaton 
into a reduced tree automaton by first removing all the states q for which 
L(A[q]) = @ and then removing all the states that are not reachable. The 
order in which these two steps are performed is important, as the other 
order does not necessarily produce a reduced automaton. 

The following observation states that a state is useful if and only if it 
can be used in some accepting run of the automaton. 


Observation 3.7. Let A be a tree automaton and q € States(A). Then, q 
is useful if and only if there exists a tree t € L(A), an accepting run r of A 
on t, and a node u € Nodes(t) such that r(u) = q. 


The algorithm of Gecseg and Steinby is now informally presented in Fig- 
ure 4. 


Interestingly, for deterministic STAs, it seems that one can likewise use 
the algorithm of Figure 4 for minimization. It only has to be shown that, 


4 If A is an STA, we require in addition that every rule a — p is replaced by a > q. 
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given a deterministic STA, the algorithm returns a minimal deterministic 
STA. Thereto, let Amin be the automaton obtained by applying the above 
minimization algorithm on a deterministic STA A. Formally, we need to 
prove that 


(a) Amin is a deterministic STA; 
(b) L(Amin) = D(A); and that 
(c) the number of states of Amin is indeed minimal. 


To show (a), observe that, in step (1) of the algorithm, we only remove 
states. Hence, no non-determinism is introduced in step (1). In step (2), 
non-determinism can be introduced by overwriting occurrences of p with q. 
However, the following observation, which is easy to show by contraposition, 
proves that this non-determinism is removed further on in the algorithm. 


Observation 3.8. Let p and q be two states such that L(A[p|) = L(A[d]) 
and let p(a1, a2) — (pi, p2) and qg(a1, a2) > (qi, q2) be two transition rules 
of A. Then L(A[pi]) = L(A[q]) and L(A[p2]) = L(Alge]). 


To show (b), observe that, in step (1), we only remove states that cannot 
be used in a successful run of A (Observation 3.7). Hence, this does not 
alter the language accepted by A. In step (2), we replace states p in A with 
states q that define the same language. The following observation is easy 
to prove: 


Observation 3.9. Let p and q be two states such that L(A[p]) = L(A[q]). 
Let A’ be obtained from A by replacing all occurrences of p in the definition 
of A by q, and by removing q. Then L(A) = L(A’). 


It remains to show (c), which is a bit more involved. First, we introduce 
the following concept. We say that a finite tree automaton A over © has 
spine-based runs if there is a (partial) function 


f:(2U{#, V})* > States(A) 


such that, for each tree t € L(A), for each node v € Nodes(t), and for each 
accepting run r of A on t, we have that 


r(v) = f(spine'(v)). 
Observation 3.10. Every deterministic STA has spine-based runs. 


Proof. Let A be a deterministic STA. We assume w.l.o.g. that A is reduced. 
We define the function f : (BU{#, V})* — States(A) inductively as follows: 
for each a € X, f(aVa) = q, for the unique q such that a —> q is a rule in A. 
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Further, for every string wo#fwiaVaw2 with wo E (HU {#, V})*, wi, we € 
XU {e}, and a € X, we define f(wo#fwiaVaw2) = q where f(wo) = p 
and q is the unique state such that the following holds. If wı = €, q is 
the unique state such that p(a,we) — (q,q') € Rules(A), and if wo = €, 
then q is the unique state such that p(wi,a) > (q’,q) € Rules(A). As A 
is a reduced deterministic STA, f is well-defined and induces a spine-based 
run. Q.E.D. (Observation 3.10) 


Observation 3.11. Let A, and Ag be equivalent deterministic STAs and 
let t € L(A1) = L(A2). Let rı and r2 be the unique runs of A; and A> on 
t, respectively, and let u be a node in t. Then L(Aj[ri(u)]) = L(A2[re(u)]). 


Proof. Let p and q be ri(u) and r2(u), respectively. If|£(Ai[p])| = |£(A2[q])| 
= 1, the proof is trivial. We show that L(Aj[p]) C L(Aəlq]). The other in- 
clusion follows by symmetry. 

Towards a contradiction, assume that there exists a tree to € L(A;[p]) — 
L(Ag{q|). As Aı is reduced, there exists a tree To in L(A1), such that 


e to is a subtree of To at some node v; and, 
e ri (v) = p, where ri is the unique run of A, on To. 


As ri(u) = p = r| (v), the tree t3 = tu < to] is also in L(A,). As A; and 
Ap are equivalent, t3 is also in L(A2). Notice that u has the same spine in t 
and in t3 = t|u — to]. By Observation 3.10, A> has spine-based runs, which 
implies that r5(u) = q for the unique run r4 of A2 on ts. Therefore, to € 
L(Ag2{q|), which leads to the desired contradiction. Q.E.D. (Observation 3.11) 


The next observation states that every equivalent minimal deterministic 
STA is equally large as Amin. 


Observation 3.12. If Ao is a minimal deterministic STA for L( Amin), then 
|Ao| = |Amin|- 


Proof. As Ao is minimal, we know that Apo is reduced and that |Ao| < |Amin|- 
As Amin is the output of the minimization algorithm, Amin is reduced as 
well. 

We only have to prove that |Amin| < |Ao|. Towards a contradiction, as- 
sume that |States(Amin))| > |States(Ao)|. For every state q € States(Amin), 
let tf in E L(Amin) be a tree and uf ip E Nodes(t?,,.) such that rfin (ut...) = 
q for the unique accepting run rfin of Amin on tf in: Moreover, let, for every 
such tZ in rg be the unique accepting run rg of Ao on thin: 

According to the Pigeon Hole Principle, there exist two states p Æ q € 
States(Amin) such that rô (u? in) = ré (ufin) = po, for some po € States(Ao). 
From Observation 3.11, it now follows that L(Amin[p]) = L(Ao[po]) = 
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L(Amin{q|). This contradicts that Amin is the output of the minimization 
algorithm, as there still exist two states for which step (2) must be per- 
formed. Q.E.D. (Observation 3.12) 


This concludes the proof of the theorem. Q.E.D. (Theorem 3.6) 


4 Top-down automata on unranked trees 


The definition of unranked tree automata dates back to the work of Thatcher 
[21]. Unranked tree automata use Ty (that is, unranked X-trees) as their 
data structure. For convenience, we sometimes abbreviate “unranked tree 
automaton” by UTA in this section. We start by defining blind top-down 
deterministic unranked tree automata, which generalize the determinism in 
BTAs to unranked trees. Blind top-down deterministic unranked automata 
are, e.g., defined in [5] under the name of top-down deterministic automata. 


Definition 4.1. A blind top-down deterministic unranked tree automaton 
(BUTA) over © is a finite automaton A over © in which Rules(A) is a set 
of rules of the form 


a>p or (q,a) > B 


such that Init(A) = {p | a > p € Rules(A)} is a singleton and B is a 
deterministic FSA over States( A) with the property that, for each i € N, 
L(B) contains at most one string of length i. Furthermore, for each q € 
States(A) and a € Alphabet(A), Rules(A) contains at most one rule of the 
form (q,a) > B. 

A run of A on a tree t is a labeling r : Nodes(t) — States(A) such that 


e if lab(e) = a and r(e) = q then a > q € Rules(A) and, 


e for every node u € Nodes(t) such that lab(u) = a, r(u) = q, and 
u has n children, there is a rule (q,a) — B such that B accepts 
r(ul)---r(un). 


Notice that, in the second bullet, the criterion that u is a leaf reduces 
to € € L(B). Therefore, each run that satisfies the above conditions is 
accepting. 


Notice that the regular languages defined by the above Bs are very 
restricted. Indeed, as pointed out in [16], Shallit [19] has shown that such 
regular languages are finite unions of regular expressions of the form xy*z 
where x,y,z € d*. 

Just as in the ranked case, blind top-down determinism is the most 
widely accepted form of top-down determinism. However, in a context such 
as XML, blind top-down determinism is not very useful as its expressiveness 
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is very limited. We therefore also investigate ‘sensing’ extensions that can 
read labels of child nodes before assigning them states. 

The following definition is the generalization of determinism for STAs. 
In a similar effort to generalize determinism for STAs to unranked trees, 
Cristau et al. [8] and Martens [13] define models with the same expressive 
power as this one. 


Definition 4.2. An offline sensing top-down deterministic unranked tree 
automaton (offline SUTA) is a finite automaton A in which Rules(A) is a 
set of rules of the form 


ap or q— By, 


where the automata B, are FSAs over X and use the states of A as their state 
set. That is, States(B,) = States(A). Furthermore, all the B, have same the 
final states and the same transition rules, that is, for all q1, q2 E€ States(A), 
Final(B,,) = Final((B,,) and Rules(B,,) = Rules(B,,). In short, the only 
difference between the automata B; is their choice in initial states. Fur- 
thermore, 


e for each a € Alphabet(A) there is at most one rule of the form a > p, 
e for each q € States(A), there is at most one rule q > B4, and 
e for each rule q — By, By is an unambiguous FSA. 


We define Init(A) to be {p | a — p € Rules(A)} and we require that 
Init(A) C Final(.B,), for each state q. 
A run r of A on a tree t is a labeling r : Nodes(t) — States(A) such that 


e if lab(e) = a and r(e) = q then a —> q € Rules(A) and, 


e for every node u € Nodes(t) such that lab(u) = a, r(w) = q, and u 
has n children, there is a rule q — B, such that r(ul)---r(un) is an 
accepting run of B, on lab(ul)---lab(un). 


As with BUTAs, the criterion that u is a leaf reduces to € € L(B) in the 
second bullet. Therefore, each run that satisfies the above conditions is 
accepting. 


The restriction to unambiguous FSAs actually ensures that the complete 
child string can be read prior to the assignment of states. We note that the 
above mentioned work [8, 13], where “sensing top-down determinism” is 


5 A similar sharing of states is used in stepwise tree automata, which were used for 
defining a clean notion of bottom-up determinism for unranked tree automata [15]. 
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simply called “top-down determinism”, employs slightly more involved but 
equivalent definitions in terms of expressive power. 

In Section 4.2, we shall see that, in contrast to the ranked case, offline 
sensing top-down determinism is in fact too powerful for efficient static 
analysis. In particular, minimization will turn out to be NP-hard for offline 
sensing deterministic automata. We therefore discuss online sensing, an 
intermediate form of top-down determinism which is also known under the 
name of restrained competition for extended DTDs. This restriction will 
turn out to be more expressive than blind top-down determinism, while 
retaining the desirable complexities for static analysis. 


Definition 4.3. An online sensing top-down deterministic unranked tree 
automaton (online SUTA) is an offline SUTA with the difference that, for 
each rule q — By, Bq is a deterministic FSA. 


The restriction to deterministic FSAs ensures that states have to be 
assigned to child nodes when processing them from left to right. 


4.1 Relative expressive power 


Again, we characterize the expressiveness of the formalisms in terms of 
subtree exchange properties. 


Theorem 4.4. An (unranked) regular tree language L is recognizable by 
1. a BUTA if and only if L is path-closed. 
2. an online SUTA if and only if L is ancestor-sibling-closed. 
3. an offline SUTA if and only if L is spine-closed. 


The proof of Theorem 4.4(1) is analogous to the ranked case. Theo- 
rem 4.4(2) and Theorem 4.4(3) are proved by Martens et al. [13, 14]. 
The next corollary then immediately follows: 


Corollary 4.5. 
1. BUTAs are strictly less expressive than online SUTAs. 


2. Online SUTAs are strictly less expressive than offline SUTAs. 


6 Extended DTDs or EDTDs are a grammar-based alternative to tree automata which 
have been investigated in the context of XML schema languages [13, 14]. 
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4.2 Static analysis 
Theorem 4.6. 


1. Emptiness is in PTIME for BUTAs, online SUTAs and offline SUTAs. 


2. Containment is in PTIME for BUTAs, online SUTAs and offline SU- 
TAs. 


3. Minimization is in PTIME for online SUTAs. 
4. Minimization is NP-complete for offline SUTAs. 


Proof. (1) This follows from the result that emptiness is in PTIME for 
non-deterministic unranked tree automata. (See, e.g., [13].) 

(2) This follows from PTIME containment for unambiguous (ranked) tree 
automata [18]. For example, when translating an offline SUTA to a ranked 
tree automaton through the well-known first-child next-sibling encoding, one 
obtains an unambiguous ranked tree automaton. Containment of the un- 
ranked tree automata can then be decided by testing containment for the 
unambiguous ranked automata. 

(3) We can reduce to Theorem 3.6(3) by means of the unranked-versus- 
ranked encoding enc and decoding dec illustrated in Figure 5. We explain 
intuitively how a run of an online SUTA A for L translates to a run of a 
deterministic STA enc(A) for enc(L). We assume w.l.o.g. that A is reduced. 
Assignment of initial states to the root of the trees is the same for both 
automata. Furthermore, the transition rules translate as follows. For each 
q € States(A) and a € Alphabet(A), Rules(enc(A)) contains 


ea—qifa—q in Rules(A); 
e (V,#) > (P` , deat) if Init(By) = {p} and q € Final(B,); 
e g(V,a) > (p’,q’) if Init(B,) = {p} and q 4 qd’ € Rules(B,); 


— (dear, q’) if By accepts € and q Sy E Rules(B,); 


e 
z 
Ps 


© q7 (#,a) > (deat, q') if g—> q' € Rules( B4); and 
e a#,#) — (deat; qieaf) if Bq accepts £ and q is a final state in B4. 


Here, qieaf is a new state not occurring in States( A). The states q” are 
copies of states q in A that can only be assigned to the V-labeled nodes in 
the encoding. The encoded automaton always assigns qieaf to leaf symbols. 
Hence, Final(enc(A)) = qeat. Figure 5 illustrates an automaton A, an 
accepting run of A on a tree t, and an accepting run of enc(A) on enc(t). 
It is easy to see that this encoding preserves determinism. The de- 
coding, however, would not preserve determinism in general, as the initial 
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(a) Automaton A accepting the tree in Figure 5(b). 


a 40 a qo 
\ sa 
< Va #0 
qı b2 cB da ~e4% Z/N 
#0 bg 
/ 
de f Q7 ia ea 3 
V 
d9 hgs Pea ae 


gds #0 #10 
N 
# M10 


Z/N 
#10 #0 


(b) An unranked tree and its ranked encoding. 
FIGURE 5. Encoding of unranked to binary trees (and back) that links 


deterministic STAs to online SUTAs. Letters a,...,h represent alphabet 
symbols and {qo,..., dio} represent states of an accepting run. 
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states Init(B,) might not be unique. It can be shown, however, that if L 
is ancestor-sibling closed, the decoding of a minimal deterministic STA for 
enc(L) is always deterministic. 

In order to give the relation between the minimal sizes of A and enc(A), 
we need a few parameters. We call a state q of A a sink state, when no rules 
of the form q > B occur in A and no B has a rule q S q' for some a. For 
example, the state qio in Figure 5 is such a sink state. We define sink(A) = 0 
if A has such a sink state and sink(A) = 1 otherwise. Furthermore, let 
trans-init(A) be the number of states p such that {p} = Init(B,) for some 
q and p has an incoming transition. 


Observation 4.7. There exists an online SUTA of size k for L(A) if and 
only if there exists a deterministic STA of size k + sink(A) + trans-init(A) 
for L(enc(A)). 


The reasons for the difference in sizes concerning the sink state and the 

trans-init states are as follows. If A contains a sink state q, then enc(A) 
could use this sink state instead of Meat to label all the #-leaves in the 
encoding. Furthermore, in the encoding, each V node is labeled by a copy 
q’ of a state q, which introduces extra states for enc(A). However, if q 
contains an incoming transition in A (and A is reduced), then both q and 
q” appear in the minimal automaton for L(enc(A)). 
(4) We first argue that minimization for offline SUTAs is in NP. To this end, 
observe that, given an offine SUTA A and an integer k, an NP algorithm 
can guess an offline SUTA B of size at most & and test in PTIME (according 
to Theorem 4.6(2)) whether A and B define the same language. 

For the NP lower bound, we reduce from the minimization problem 
for unambiguous FSAs, which is shown to be NP-complete by Jiang and 
Ravikumar [11]. Observe that, in the proof of Jiang and Ravikumar [11, 
Theorem 3.1], it is shown that minimization is already NP-hard for unam- 
biguous FSAs that only accept strings of length two. As FSAs that only 
accept strings of length two have a sink state, i.e., a state with no outgoing 
transitions, this simplifies our reduction. 

Thereto, let U be an unambiguous FSA that only accepts strings of 
length two and let k be an integer. We construct an offline SUTA A and an 
integer £ such that there exists an equivalent unambiguous FSA for L(U) 
of size at most k if and only if there exists an offline SUTA for L(A) of size 
at most £. 

Let r be a symbol not occurring in Alphabet(U). Intuitively, A will ac- 
cept the trees r(w) such that w € L(U). We define States(A) = States(U) w 
{qo}, Alphabet(A) = Alphabet(U) w {r}, and the rules of A are defined as 


e r> do, 


° (qor) EE U, and 
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e (q,a) — E, for every q € States(U) and a € Alphabet(U), 


where E is the UFA with States(E) = {qf} and L(E) = {e}. Here, qp is a 
state in Final(U) which is reachable in U from an initial state of U. Finally, 
L=k+1. 

We need to argue that the reduction is correct. It is easy to see that A 
accepts {r(w) | w € L(U)}. 

We need to prove that there is an unambiguous FSA for L(U) of size at 
most k if and only if there is an offline SUTA for L(A) of size at most £. 
From left to right, let U’ be an unambiguous FSA of size at most k for L(U). 
Then, A’, constructed from U’ in the same way as A is constructed from U 
is an offline SUTA for L(A) of size at most @. From right to left, let A’ be 
an offline SUTA for L(A) of size at most £. W.l.o.g., we can assume that A’ 
is reduced. As A’ is an offline SUTA, A’ has a unique state qo which is used 
in the rule r > qo. Now consider the transition rule of qo, i.e., gg —> U” in 
Rules(A). Clearly, U” accepts L(U). As A’ only accepts trees of depth two, 
we have that go has no incoming or outgoing transitions in the definition of 
U”. (Otherwise, as A’ is reduced, trees can be constructed that are also in 
L(A’) and have depth larger than two, contradicting that L(A’) = L(A).) 
Therefore, the unambiguous FSA U’, obtained from U” by removing state 
qo also recognizes L(U) and has size at most k. Q.E.D. 


A similar result as Theorem 4.6(3) was also proved in the context of 
extended DTDs in [15]. To the best of our knowledge, the precise com- 
plexity of minimization for BUTAs is still unknown. It is in NP, as testing 
equivalence between BUTAs is in PTIME. 


4.3 Closure properties 


The same closure properties hold for the deterministic unranked tree au- 
tomata as for the ranked tree automata we defined. The witness languages 
for non-closure are analogous to the ones in Section 3.2. 


5 Regular frontier checks 


In this section, we revisit the notion of regular frontier checks as a theoretical 
tool to close top-down deterministic languages under Boolean operations. 
We apply regular frontier checks to unranked automata. 

To this end, we assume that the frontier of a tree is no longer an un- 
ordered set, but ordered from left to right. That is, we assume the lexico- 
graphical ordering < on Frontier(t). 


Definition 5.1. A top-down deterministic unranked tree automaton with 
regular frontier check (FC-UTA) over alphabet © is a (blind, online sensing, 
or offline sensing) top-down deterministic unranked tree automaton A over 
alphabet ©, together with a regular language F over alphabet © x States(A). 
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A run of A on a tree t is defined precisely the same for blind, online 
sensing, or offline sensing unranked automata, respectively. A run r is 
accepting if (lab(u1),r(u1))--- (lab(un), r(un)) E€ F, where Frontier(t) = 
{ui,...,Un} with uy < +++ < Un. 


On ranked trees, top-down tree automata with frontier checks are known 
to be closed under union, intersection, and complement [12]. On unranked 
trees, these results can be obtained analogously. Moreover, in order to 
obtain this closure, one does not even need arbitrary regular languages. 
Indeed, it is sufficient to consider locally threshold testable languages [22] 
with diameter k = 1. 

Hence, FC-UTAs could be one candidate for closing schema languages 
for XML under the Boolean operations, thereby resolving the issues in model 
management or schema integration. 


6 Conclusions and discussion 


We presented an overview of top-down determinism in ranked and unranked 
tree automata, and explored several connections between them. As many 
connections were to be expected, we start the conclusions with a discrep- 
ancy. This discrepancy is observed between the (ranked) deterministic sens- 
ing tree automata (STAs) and the (unranked) deterministic offline sensing 
tree automata (offline SUTAs). Although they are closely related — they 
have, e.g., the same expressive power on binary trees and their way of assign- 
ing states to nodes in a top-down fashion is quite similar — we have shown 
that optimization, i.e., state minimization, is easy for one class but hard 
for the other.’ Indeed, whereas state minimization is in PTIME for STAs, 
it is NP-complete for offline SUTAs. When inspecting the NP-hardness 
proof, the difference becomes even more striking: it already holds for offline 
SUTAs recognizing binary trees. 

It thus follows that the determinism in offline SUTAs is actually not a 
very suitable notion for “top-down determinism” on unranked trees. Simi- 
larly as has been argued for the “standard” notion of bottom-up determin- 
ism on unranked trees [15], determinism in offline SUTAs corresponds more 
closely to unambiguousness rather than true determinism.® 

On the positive side, the determinism in online SUTAs seems to be 
more suitable. Online SUTAs have been investigated in the context of XML 
schema languages under the name of restrained competition EDTDs and are 
already attributed to have desirable static analysis properties, while being 
more expressive than the core of XML Schema [14]. It is even decidable 


7 If PTIME S NP. 

8 Of course, this is because our definition of determinism in offline SUTAs use unambigu- 
ous automata. However, we feel that similar problems will arise when investigating 
minimization for the equally expressive models presented in [8, 13]. 
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(EXPTIME-complete) for a bottom-up (non)-deterministic unranked tree 
automaton, whether there exists an equivalent deterministic online SUTA. 
The latter is referred to as the simplification problem. 

In conclusion, only the determinism notion in online SUTAs is known to 
be truly top-down deterministic on unranked trees. Determinism in BUTAs, 
as defined by Briiggemann-Klein et al. [5] as the straightforward extension of 
the “standard” top-down determinism for ranked trees [7], is a bit different. 
In spite of the close connection to the well-behaved top-down determinism 
on ranked trees, minimizing deterministic BUTAs is not completely trivial 
and the precise complexity is still unknown. From an XML point of view, 
however, this notion of determinism might be less interesting. It assigns 
states to nodes, only based on the number of their siblings, which makes 
them rather poor in expressive power. When one would, for instance, want 
to allow an automaton to read the label of a node before assigning it a state, 
which seems to be the case in XML schema languages for example, the 
determinism in online SUTAs would be the obvious candidate. 


With respect to future research several natural directions emerge: 


1. Top-down determinism and closure properties. As previously men- 
tioned, the lack of closure under union is quite unnatural for an XML 
schema language. This leads to the following natural questions: (1) 
What are the possible additions to the deterministic top-down au- 
tomaton model that closes them under the Boolean operations?; (2) 
What is the best way to approximate a Boolean combination of deter- 
ministic top-down tree automata?; and, (3) What are the properties of 
the class consisting of the Boolean closure of deterministic top-down 
tree automata (BC-TA)? 


2. Optimization problems. Minimization is of course a very important 
problem. Can FC-UTAs or BC-TAs be efficiently minimized? Fur- 
thermore, what is the complexity of the simplification problem (as 
defined above) for the various models? 


3. In practice not many XML schemas are available and some of those are 
syntactically incorrect, which leads to the problem of automatically 
inferring them from a set of XML documents. As the latter reduces to 
learning in the limit from positive data of deterministic top-down tree 
automata, it would be interesting to pinpoint classes which can be 
learned in this manner. Bex et al. addressed the problem of inferring 
subclasses of DTDs and XSDs [2, 3]. 
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Abstract 


We give a survey of the expressive power of various monadic logics 
on specific classes of finite labeled graphs, including words, trees, and 
pictures. Among the logics we consider, there are monadic second- 
order logic and its existential fragment, the modal mu-calculus, and 
monadic least fixed-point logic. We focus on nesting-depth and quan- 
tifier alternation as a complexity measure of these logics. 


1 Introduction 


There is a close relationship between (generalized) automata theory and the 
expressive power of certain monadic logics. Already in 1960, Biichi and El- 
got proved that a word-language is recognizable by a finite automaton if, and 
only if, it can be characterized by a monadic second-order formula. Since 
then, various analogous results, e.g., for labeled trees rather than words, 
and also for more general classes of labeled graphs, have been obtained. 
Alluding to the notion of “descriptive complexity theory”, in his survey ar- 
ticle [39] for the Handbook of Formal Languages, Wolfgang Thomas called 
the branch of research that investigates the relationship between generalized 
finite automata and monadic logics a “descriptive theory of recognizability” . 


* Both authors wish Wolfgang Thomas all the best for this jubilee. Matz would like to 
express his gratitude for Wolfgang Thomas’ careful supervision during the preparation 
of Matz’ Ph.D. thesis. Furthermore, we should like to thank the anonymous referee 
for the detailed remarks. 


Jörg Flum, Erich Gradel, Thomas Wilke (eds.). Logic and Automata: History and Perspec- 
tives. Texts in Logic and Games 2, Amsterdam University Press 2007, pp. 531-552. 
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The present paper’s aim is to give a survey of the expressive power of 
various monadic logics (including monadic second-order logic and its ex- 
istential fragment, the modal mu-calculus, and monadic least fixed-point 
logic), on specific classes of finite labeled graphs. In particular, we give 
details on the following topics: 

It is known that on finite words and labeled trees, all the above men- 
tioned monadic logics have the same expressive power and can characterize 
exactly the languages that are recognizable by a suitable notion of finite 
automata. Moreover, already one single existential set quantifier suffices 
to obtain the expressive power of existential monadic second-order logic on 
words, trees, and pictures (i.e., two-dimensional words or, equivalently, la- 
beled grid-graphs). This goes back to a paper by Wolfgang Thomas [38], in 
which he showed that a single existential set quantifier suffices for words. 
From the proof, one can also infer an elegant proof which shows that finite 
automata can be simulated by monadic least fixed-point logic. Wolfgang 
Thomas’ Ph.D. students Potthoff [32] and Matz [25] obtained according re- 
sults for trees and pictures, respectively. On the other hand, when going 
slightly beyond the class of pictures, it is known from work by Otto [31] that 
within existential monadic second-order logic, more set quantifiers lead to 
strictly more expressive power. 

While on words and labeled trees, existential monadic second-order logic 
has the same expressive power as full monadic second-order logic, the sit- 
uation is different for the class of pictures. From work by Giammarresi, 
Restivo, Seibert, and Thomas [17] it is known that existential monadic 
second-order logic can define exactly the recognizable picture languages, 
which are characterized by a suitably adapted automaton model, the tiling- 
systems. But full monadic second-order logic on pictures has considerably 
more expressive power and, in fact, precisely corresponds to the linear time 
hierarchy (i.e., the linear time analogue of Stockmeyer’s polynomial time 
hierarchy). Similarly, building on results by Schweikardt [36], one obtains 
that the picture languages definable in monadic least fixed point logic can 
encode at least all problems that belong to Grandjean’s deterministic linear 
time complexity class DLIN [18]. Furthermore, unless P = NP, the expres- 
siveness of monadic least fixed point logic on pictures is strictly weaker than 
that of monadic second-order logic. 

Also some aspects concerning the fine structure of monadic second-order 
logic over pictures and graphs are understood quite well by now: Matz, 
Schweikardt, and Thomas [28, 35, 27] showed that the monadic second- 
order quantifier alternation hierarchy is strict, i.e., that formulas in prenex 
normal form having a prefix of k+1 alternations of set quantifiers can de- 
scribe strictly more picture languages (or, in general, graph properties) than 
formulas with only k quantifier alternations. Note, however, that this re- 
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sult does not have implications concerning the strictness of the linear time 
hierarchy (or the polynomial time hierarchy) as the levels of the monadic 
second-order quantifier alternation hierarchy do not correspond to the levels 
of the linear time hierarchy. 

When considering the modal mu-calculus instead of monadic second- 
order logic on finite labeled graphs, an according hierarchy based on the 
alternation of least and greatest fixed point operators was proved indepen- 
dently by Bradfield [4] and Lenzi [22], see also Arnold [2] for an elegant 
proof. (The hierarchies proved in [4, 22, 2] are about general structures 
that are not necessarily finite; via the mu-calculus’ finite model property 
(cf., e.g., [3]), however, they can be directly transferred to the class of fi- 
nite labeled graphs.) Up to date, it still is an open question whether an 
analogous hierarchy can be proved for monadic least fixed point logic. 


The rest of this paper is structured as follows: In Section 2 we fix the nec- 
essary notation concerning the logics and the structures that are considered 
in this paper. Section 3 concentrates on the relations between (finite-state) 
recognizability of word languages, tree languages, and picture languages 
and their definability in various monadic logics. In Section 4, we go be- 
yond recognizability and study nesting-depth and quantifier alternation as 
a complexity measure of logics. 


2 Logics and structures considered in this paper 


This section fixes some basic notations and conventions used throughout 
the remainder of the paper. 


2.1 Structures 


All structures considered in this paper are finite and can be viewed as par- 
ticular kinds of labeled graphs. Namely, we consider labeled trees, words, 
and pictures (i.e., two-dimensional words). 

Let us fix a finite alphabet ©, whose elements serve as letters at positions 
in a word or a picture or as labels for nodes in a graph or a tree. For this 
exposition it is convenient (and no essential loss of generality) to assume 
that © is of the form {0,1} for some t > 0 (for t = 0, the alphabet © is a 
singleton). 

A word (over ©) is a finite sequence of elements in ©. A word language 
is a set of words. In order to use logic formulas to define word languages 
we consider the signature {Succ, B1, .., Bt}, where Succ is a binary relation 
symbol and B,,..,B,; are unary relation symbols. We identify a word w = 
W1-+'+W, over ÈX with the structure of signature {Succ, B1, .., B+} whose 
universe is the set [n] := {1,..,n} of positions in the word, and where 
Succ is interpreted by the natural successor relation on [n] and, for every 
i € {1,..,t}, the relation symbol B; is interpreted by the set of all positions 
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at which the word carries a letter (o1,..,04) € © = {0,1 ¥ with c; = 1. 

Pictures are two-dimensional analogues of words, i.e., a picture (over X) 
is a two-dimensional (rectangular) array over ©. A picture language is a 
set of pictures. Like for words, it is straightforward to associate, with every 
picture, a model over a specific signature, this time with two binary rela- 
tions Succ, and Succ, for the horizontal and the vertical successor relation, 
respectively. 

For convenience, all trees considered in this paper will be ordered and 
binary, i.e., every node is either a leaf or has two children. Each node 
of a labeled tree (over X) is labeled by an element in X. A tree language 
is a set of labeled trees. Similarly as words and pictures, also trees can 
be identified in a straightforward way by structures over the signature 
{Succ1, Succ2, Bi,.., Bt}, where the binary relations Succ, and Succg are 
used for the edges from a node to its first child and to its second child, 
respectively. 


2.2 Logics 


We assume that the reader is familiar with first-order logic (FO), monadic 
second-order logic (MSO), least fixed-point logic (LFP), and the modal 
mu-calculus. We write MLFP for monadic least fixed-point logic, i.e., the 
fragment of LFP where only monadic second-order variables are allowed. It 
is straightforward to see that monadic least fixed-points can be defined in 
MSO, and thus the expressive power of MLFP lies between the expressive 
power of FO and the expressive power of MSO. Some focus of the present 
paper will also be on existential monadic second-order logic (EMSO), which 
consists of all MSO-formulas of the form 


AX, ++ 3X; y, 


where y is first-order, £ > 0, and X,,.., X¢ are set variables (i.e., monadic 
second-order variables). Further, we shall write 1-EMSO for the fragment 
of EMSO where just a single set variable is available. 

If y is a sentence (over a suitable signature and a certain logic), the 
(word, picture, or tree) language defined by ¢ is the set of all words (or 
pictures or trees) whose associated word (or picture or tree) models make 
y true. 


3 Monadic logics and recognizability 


This section concentrates on the relations between recognizability of word 
languages, tree languages, and picture languages and their definability in 
various monadic logics. Here, “recognizability” refers to non-deterministic 
finite automata or suitable adaptations thereof. 

We shall first quickly review the well-known results on words and trees 
which, basically, state that all the monadic logics mentioned in Section 2 
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have the same expressive power, namely of defining exactly the regular word 
languages and tree languages. 

Afterwards, we shall move over to the case of pictures, where things 
turn out to be much more subtle, since the various monadic logics differ 
with respect to their power of defining picture languages. 


3.1 Monadic logics and recognizability of words and trees 


The class of regular (or, recognizable) word languages plays a central role in 
the theory of formal languages. One reason for this is the large variety of its 
conceptually different characterizations, for example by means of monoids, 
grammars, automata, closure properties, and logics. Concerning the subject 
of this paper, let us focus on the following two: non-deterministic finite 
automata (NFA) and monadic second-order logic. 


Theorem 3.1 (Biichi-Elgot, [6, 12]). A word language is regular if, and 
only if, it can be defined by an MSO-sentence. 


Since we shall come back to this later (in the context of pictures instead of 
words), let us briefly point out the essential steps in the well-known proof 
of the above theorem. 


Proof (sketch). One direction is simple to prove: Given a non-deterministic 
finite automaton 2, we have to construct a monadic second-order sentence 
that asserts for a given word (model) that there exists an accepting run. 
The existence of such a run can be expressed by a formula of the form 


AX, saa JX; p(X, sx , Xe), 


where an assignment to the set variables encodes an assignment of Ws states 
to positions in the word, and vy asserts that for any two consecutive posi- 
tions, this assignment is compatible with the automaton’s transition rela- 
tion, the initial state and the final states. We observe that the resulting 
formula is in the existential fragment EMSO of monadic second-order logic. 

The other direction is more intricate. Typically, it is done as follows: 
Given an MSO-sentence y, we may pass to a similar sentence y’ in prenex 
normal form, where all first-order quantifiers are eliminated and special, 
new predicates singleton(X) are used instead, which assert for a set X that 
it has just one element. An NFA can be constructed by induction on the 
construction of such formulas. In this induction, one exploits that the class 
of regular word languages is closed under union, complementation, and pro- 
jection, to handle disjunction, negation, and existential MSO quantification, 
respectively. Q.E.D. 


The above proof, in particular, leads to: 
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Corollary 3.2. Over the class of words, every MSO-sentence is equivalent 
to an EMSO-sentence. 


Even more, it is known that already a single existentially quantified set 
variable suffices: 


Theorem 3.3 (Thomas, [38]). Over the class of words, every MSO-sentence 
is equivalent to a 1-EMSO-sentence. 


Proof (sketch). The proof relies on the following simple and elegant idea: 
Given a deterministic finite automaton 2 with r states and, w.lo.g., state 
space {1,...,r}, each state i can be represented by the bit-string 01°0"~* 
of length r’ := r+ 1. If w is an input word, we can subdivide w into sub- 
words such that each of these sub-words has length r’, except for the last 
one, whose length is between r’ and 2r’ — 1. Each of these sub-words can 
be decorated by the bit-string that represents Ws state when entering the 
first position of the sub-word. Such bit-strings, in turn, can of course be 
represented by an assignment to a single set variable, e.g., by assuming that 
the set consists of exactly those positions where the bit-string carries the 
letter 1. 

Now, it is easy to construct a 1-EMSO-sentence of the form 3X y(X), 
where vy is first-order and expresses that the bit-string represented by X 
encodes the list of states assumed by 2 at the beginnings of the sub-words. 
For constructing y, note that (1) each sub-word has constant length < 2r’, 
(2) the leftmost positions of the sub-words can be identified from the fact 
that they do not belong to X but their successors do, and (3) the steps that 
XA performs while reading the sub-word can be simulated by a first-order 
formula. This way, y can check that the list of states represented by X 
is consistent with Ws transition relation and represents an accepting run 
of 2. Q.E.D. 


A closer look at this proof sketch shows that a similar set X can also be 
defined as a monadic least fixed-point of a suitable first-order formula: This 
time, sub-words of length r’ := 1 + 2r are considered, and each state i € 
{1,..,r} is represented by the bit-string 10°~110?"~*. Note that r’ is chosen 
in such a way that the distance between two consecutive positions carrying 
the letter 1 tells us, which of the two positions marks the beginning of a 
sub-block and which of the two positions marks a state of the automaton. 
Using this, one obtains that every regular word language can be described 
by an MLFP-sentence which uses just a single monadic least fixed point 
operator (see Potthoff [32] for details). In a similar way, one can also prove 
that the modal mu-calculus can describe exactly the regular word languages. 
In summary, we thus have the following situation: 
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Theorem 3.4. On the class of words, MSO, EMSO, 1-EMSO, MLFP, and 
the modal mu-calculus have the same expressive power and can describe 
exactly the regular word languages. 


The same result holds true for the class of labeled trees (cf. [37, 10, 32, 20}). 

If we leave the classes of words and labeled trees and pass over to pic- 
tures, this is not the case any more. We shall give details on this in the 
next subsection. 


3.2 EMSO-definability and recognizability of pictures 


In [16], Giammarresi and Restivo suggested a natural adaptation of NFA to 
picture languages: the so-called tiling-systems. 


Definition 3.5. A tiling-system is a quadruple (£, T, A, 7), where © and 
T are finite alphabets, 7: T — È is an alphabet projection, and A is a set of 
2x2-pictures over alphabet T U {#}, where # is a fresh boundary symbol. 
The mapping 7 is lifted to pictures in the obvious way. 

A picture p over © is accepted by such a tiling-system iff there is a picture 
r over T such that m(r) = p and A contains all 22-sub-blocks of the picture 
that results by surrounding r with the boundary symbol #. The picture 
language recognized by some tiling-system T is the set of pictures accepted 
by T. 


Example 3.6. Consider the tiling-system T = ({a},{0,1},A,7), where 
m(0) = m(1) = a, and where A is the set of 2 x 2-subblocks of 


H # # # # # # # # # 
#01010101# 
#00110011# 
#00001111# 
F EH EH HHHH H 


Then T recognizes the set of all pictures p over {a} for which there exists 
m > 1 such that p has size m x 2™. Intuitively, T establishes a mechanism 
of binary counting the columns. 


More examples of recognizable picture languages can be found in Gi- 
ammarresi and Restivo’s article in the present book. 

Unlike the regular word languages, which are pretty simple to under- 
stand, the recognizable picture languages can be very complex, both from an 
intuitive and from a computational point of view. For example, in [33, 34], 
Reinhard has found examples of picture languages whose proofs of recog- 
nizability are very difficult and which disproved previous conjectures by 
Matz, e.g. [24]. Still, examples near the borderline between recognizable 
and non-recognizable picture languages are subject of current research, see 
[7]. 
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It is known that the class of recognizable picture languages is closed 
under union, intersection, row- and column-concatenation, and row- and 
column-Kleene-star [16], but we have: 


Theorem 3.7 (Giammarresi-Restivo-Seibert-Thomas [17]). Ifthe alphabet 
has at least two symbols, the class of recognizable picture languages is not 
closed under complement. 


A witness for the above theorem is given by: 


Example 3.8 (Giammarresi-Restivo-Seibert-Thomas, [17]). Let L be the 
set of pictures over {0,1} that result from the concatenation of two identical 
pictures of quadratic shape. Then L is not recognizable, but its complement 
is. 


The statement of Theorem 3.7 is true also for singleton alphabets, see The- 
orem 4.12 below. 


MSO logic, of course, is closed under negation, so Theorem 3.7 immedi- 
ately implies that the statement of Theorem 3.1 is not true when replacing 
the terms “word language” and “regular” with “picture language” and “rec- 
ognizable”. However, it is known that the existential fragment of monadic 
second-order logic, EMSO, has exactly the right power for expressing rec- 
ognizable picture languages: 


Theorem 3.9 (Giammarresi-Restivo-Seibert-Thomas, [17]). A picture lan- 
guage is recognizable if, and only if, it can be defined by an EMSO-sentence. 


The “easy” direction in the proof is to show that recognizability by a 
tiling-system can be described by an EMSO-formula. This case can be 
handled in a similar way as in the proof of Theorem 3.1. 

The other direction, however, cannot be handled in a similar way as in 
that proof because the initial replacement of first-order quantifiers by set 
quantifiers would force us to deal with the negation during the induction, but 
the class of recognizable picture languages is not closed under complement. 
Thus, one essential step in the proof given in [17] is a specific treatment of 
the first-order quantifiers with Ehrenfeucht-Fraissé games. This yields, as 
a side-product, also the characterization of the first-order definable picture 
languages as the locally threshold testable ones, analogously to the one- 
dimensional case. 

The characterization of the EMSO-definable picture languages given in 
Theorem 3.9 opened the door to several combinatorial arguments that al- 
low to show that certain picture languages are not EMSO-definable, see for 
example [15, 24]. This was the basis for the original proof of the strict- 
ness of the monadic second-order quantifier alternation hierarchy [28], see 
Section 4.3 below. 
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Similarly as for words it is known that for defining recognizable picture 
languages, already a single existentially quantified set variable suffices: 


Theorem 3.10 (Matz, [25]). Over the class of pictures, every EMSO-sen- 
tence is equivalent to a 1-EMSO-sentence. 


The proof is by an adaptation of the proof of Theorem 3.3 to the two- 
dimensional case: A tiling-system plays the role of the finite automaton 2, 
with the minor technical inconvenience that tiling-systems are inherently 
non-deterministic. However, the determinism of the automaton 2 in the 
proof of Theorem 3.3 is not essential. 

Let us mention that by results of Otto [31] it is known that when going 
slightly beyond the class of pictures, EMSO does not collapse to 1-EMSO 
but, quite to the contrary, there is a strict hierarchy within EMSO with 
respect to the number of existentially quantified set variables. To precisely 
state Otto’s result, let us write kK-EMSO for the fragment of EMSO where 
k set variables are available. Instead of pictures, Otto considers particular 
structures over a signature which consists of two binary relation symbols R 
and C. These Otto-grids are structures whose universe forms a rectangular 
array and where R and C are interpreted by the relations stating that two 
vertices belong to the same row, respectively, the same column of the array. 


Theorem 3.11 (Otto, [31]). For every k > 0 there is a (k+1)-EMSO- 
sentence that is not equivalent (over the class of Otto-grids) to any k-EMSO- 
sentence. 


The proof is by showing that the set Lẹ of all Otto-grids with the prop- 
erty that the number of columns is < 2(#+)-number of rows is definable in 
(k+1)-EMSO but not in k-EMSO (for the latter, an Ehrenfeucht-Fraissé 
game argument is used). 


To close the subsection on recognizable picture languages, let us have a 
quick look at the computational complexity of standard decision problems 
concerning recognizable picture languages. 


Proposition 3.12 (Giammarresi-Restivo, [16]). The emptiness problem 
for tiling-systems is undecidable. 


Proof (sketch). We sketch a reduction of the emptiness problem for Turing 
machines. Let XA be a Turing machine. It is straightforward to encode a 
configuration of 2 by a finite word over a fixed alphabet X. Each step in a 
computation of 2 corresponds to a local modification of that code. Every 
finite—and hence every accepting—run R of 2 can be encoded by a picture 
p over X}, where p contains, in each row 7, the code of the i-th configuration 
of R (possibly padded with blank symbols). 
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Now it is easy to effectively construct a tiling-system T that accepts all 
pictures that encode an accepting run. Then the language recognized by T 
is non-empty iff XA has an accepting run. Q.E.D. 


Furthermore, the membership problem for tiling-systems is NP-complete: 


Proposition 3.13 (Schweikardt, [35]). (a) The following problem belongs 
to NP: Given a tiling-system T and a picture p, does T accept p? 


(b) There exists a tiling-system T such that the following problem is NP- 
complete: Given a picture p, does T accept p? 


Proof (sketch). The proof of (a) is straightforward. (b) is obtained by cod- 
ing the (NP-complete) problem of satisfiability of propositional formulas 
in conjunctive normal form into an EMSO-definable picture language. To 
this end, each propositional formula œ is represented by a picture which 
has a row for each variable and a column for each clause of a, such that 
the entry in row 7 and column j of the picture is labeled by the letter P 
(resp. N, resp. ©) if the i-th propositional variable occurs unnegated (resp. 
negated, resp. not at all) in the j-th clause of a. A truth assignment to the 
variables of a is represented by a set X of positions in the picture which, 
for each row, contains either none or all positions of that row. Le., if the 
i-th propositional variable is assigned the value true (resp., false), then X 
contains all (resp. none) of the positions in the i-th row. It is not difficult 
to find an EMSO-formula ~ which expresses that there exists such a set 
X which encodes a satisfying assignment for a. Altogether, this gives us 
a reduction from the NP-complete satisfiability problem to the problem of 
deciding whether an input picture belongs to the picture language defined 
by w. Q.E.D. 


It is current research interest to determine computationally feasible sub- 
classes of recognizable picture languages, see e.g. the article of Giammarresi 
and Restivo in the present book. 


3.3 Picture languages definable in MSO and MLFP 


From the previous subsection we know that the EMSO-definable picture 
languages coincide with the 1-EMSO-definable and the recognizable picture 
languages. Furthermore, recall that Example 3.8 exposes a picture language 
that is not definable in EMSO. It is not difficult to see that this language 
is definable in MSO as well as in MLFP. The present subsection aims 
at a deeper understanding of the MSO-definable and the MLFP-definable 
picture languages. 


Let us first concentrate on the MSO-definable picture languages. It is 
easy to see that the membership problem for each MSO-definable picture 
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language belongs to LINH, i.e., the linear time hierarchy (cf., e.g. [11]), 
which is the linear time analogue to Stockmeyer’s polynomial time hierarchy. 
On the other hand, it is not difficult to see that, in fact, the MSO-definable 
picture languages precisely correspond to the linear time hierarchy, since 
every decision problem that belongs to LINH can be encoded by an MSO- 
definable picture language. This can be obtained as follows: From [29] we 
know that LINH is the class of all word languages that can be defined in 
MSO(Bit), i.e., in monadic second-order logic on words where in addition 
to the successor relation, also the Bit predicate on the set of positions in the 
word is available (the Bit predicate is the set of all tuples (i, j) such that 
the i-th bit in the binary representation of the natural number j is 1). The 
basic idea now is to represent a word of length n by a picture as follows: 
Let £ be the largest integer such that n > £- 2°, cut the word into sub- 
words of length 2°, and arrange the consecutive sub-words into consecutive 
rows of the resulting picture (if necessary, pad the last row with dummy 
entries to obtain a rectangular picture). Of course, the successor relation 
Succ of the original word can easily be simulated by an MSO-formula over 
the corresponding picture. Furthermore, it is a not too difficult exercise 
to also construct an MSO-formula over the picture which simulates the 
Bit predicate of the original word (hint: use an existentially quantified 
unary relation to encode a “column-numbering” which writes the binary 
representations of the numbers 0, 1,2,...2°—1 into the consecutive columns 
of the picture). It then is not difficult to see that every MSO(Bit)-definable 
set of strings is represented by an MSO-definable set of pictures. In this 
sense, the MSO-definable picture languages can encode all problems that 
belong to the linear time hierarchy. 


Let us now concentrate on the MLFP-definable picture languages. Of 
course, for each picture language defined by a fixed MLFP-sentence, the 
membership problem belongs to P. Together with Proposition 3.13 and the 
fact that the expressive power of MLFP lies between FO and MSO, this 
implies the following: 


Fact 3.14. Unless P = NP, MLFP is strictly less expressive on the class of 
pictures than MSO. 


On the other hand, MLFP is still quite expressive as it can define picture 
languages corresponding to every problem in the deterministic linear time 
complexity class DLIN introduced by Grandjean in [18]. The class DLIN is 
based on linear time random access machines. In a series of papers, Grand- 
jean made a convincing point that DLIN might be viewed as “the” adequate 
mathematical formalization of linear time complexity. For example, DLIN 
contains all problems in DTIME(n), i.e., all problems solvable by deter- 
ministic linear time multi-tape Turing machines; but DLIN also contains 
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problems such as the sorting problem, which are conjectured not to belong 
to DTIME(n). 

In a similar way as described above for MSO and LINH, one obtains 
that every problem in DLIN can be encoded by an MLFP-definable picture 
language—instead of using the characterization of LINH as the MSO(Bit)- 
definable word languages, one now just has to use a result from [36] stating 
that every word language which belongs to DLIN can be defined by an 
MLFP(Bit)-sentence. 


4 Alternation hierarchies 


In descriptive complexity theory it is a general task to classify properties by 
the complexity a formula must have to describe this property. But what is 
the suitable measure for the complexity of a formula? A typical approach 
is to measure the complexity by the nesting depth of the “most powerful 
ingredient” of the logic under consideration. 

For example, a measurement for the complexity of a first-order formula 
is the nesting depth of first-order quantifiers, neglecting the complexity 
introduced by boolean combinations. Another example is the modal mu- 
calculus, where it is the nesting depth of fixpoint iterations that is the 
natural means to measure the complexity of a formula. MSO is a third 
example, where the nesting depth of the most powerful quantifications (in 
this case, the monadic ones) establishes a measure of formula complexity. 

In Section 3 we have already considered the nesting depth of set quanti- 
fiers as a complexity measure of MSO-formulas and have seen (Theorem 3.3) 
that the corresponding hierarchy collapses for the classes of words and of 
trees whereas it is infinite for Otto-grids (Theorem 3.11). 

However, for many logics and classes of structures, the complexity mea- 
surement obtained by simply counting syntactic nesting of single quantifiers 
is (1) not sufficiently robust, and (2) does not result in the natural param- 
eters for the computational complexity, e.g. of the model checking or the 
satisfiability problem of formulas. 

To illustrate the first reason, consider two 1-EMSO-sentences on the class 
of finite structures. Their conjunction is in 2-EMSO but, unlike their dis- 
junction, in general not in 1-EMSO, so that the class of 1-EMSO-definable 
properties is not necessarily closed under intersection. 

To illustrate the second reason, let us consider MSO over words. A 
good approach for solving the model checking problem relies on the well- 
known construction of an NFA for a given MSO-formula (see Theorem 3.1 
and its proof sketch). The constructions for conjunction, disjunction, and 
existential quantification can be done directly on NFA and result in no 
essential increase of the number of states. However, the construction for the 
negation of a formula requires a deterministic automaton and therefore the 
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famous powerset construction, which results in an exponential state blow- 
up. Thus it is the alternation of existential quantifications and negation (or, 
equivalently: the alternation of existential and universal quantifications) 
that is significant for the increase of the state set size and therefore for the 
computational complexity of the model checking problem. 


4.1 First-order alternation 


As motivated above, one passes to a coarser view of “nesting” by consider- 
ing a block of only existential (or only universal) quantifiers as one single, 
“vectorial” quantifier. This vectorial approach is the basis for the first-order 
quantifier alternation hierarchy. For example, a property of finite labeled 
graphs is in the third level of that hierarchy iff it can be defined by a first- 
order formula that has a prenex normal form with a quantifier prefix of 
type 


i.e., a quantifier prefix with three blocks of first-order quantifications, start- 
ing with an existential one, and the following kernel formula is quantifier- 
free. Level k of the first-order quantifier alternation hierarchy is usually 
denoted ©?, its “complement” II? (i.e., II? is the set of all graph properties 
that can be defined by a first-order formula in prenex normal form that has 
a quantifier prefix with k blocks of first-order quantifications, starting with 
a universal one). 


Theorem 4.1 (Chandra-Harel-Thomas, [8, 38]). The first-order quantifier 
alternation hierarchy is strict over the class of finite labeled graphs, i.e., for 
every k > 0, X} G U2.,. Furthermore, for every k > 1, U2 # M9. 


Chandra and Harel’s proof in [8] explicitly provides, for each k > 0, a 
property of finite labeled directed graphs that belongs to X} 4, but not to 
2. They consider graphs that are equipped with a distinguished “start 
node” and a subset of nodes called “winning positions”. With each such 
graph, they associate a 2-player game in which a token is moved along the 
edges of the graph. At the beginning, the token is placed on the “start 
node”. The players take turns, starting with player 1, and in each move 
one of the players moves the token along an edge of the graph. After k+1 
such moves, player 1 has won the game, if the token lies on a “winning 
position”. It is now easy to find a X? 4,-Sentence which expresses that 
player 1 has a winning strategy for k+1 moves; and by an Ehrenfeucht- 
Fraissé game argument it can be shown that this cannot be expressed by 
any U?-sentence. 

A different proof of the strictness of the first-order quantifier alterna- 
tion hierarchy is given in [38], where Wolfgang Thomas considers first-order 
formulas over word models with a different signature than in the present 
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paper, namely with the ordering < instead of the successor relation on the 
word positions. He shows that the first-order quantifier alternation hierar- 
chy over that signature corresponds to the dot-depth alternation hierarchy, 
which is shown to be strict in [9]. 

However, for words, trees, and pictures (over the signatures introduced 
in Section 2.1, i.e., without ordering but with successor relation(s)), the 
first-order quantifier alternation hierarchy collapses to boolean combinations 
of its first level. This is a consequence of the characterization of first- 
order definable properties of words, trees, and pictures by local threshold 
testability, cf., e.g., the survey [39] and the article [17]. 


4.2 Fixpoint alternation in the mu-calculus 


Niwiński [30] introduced vectorial fixpoints to result in a sufficiently coarse 
and robust definition for the modal mu-calculus fixpoint alternation hierar- 
chy which relies on the number of alternations of least and greatest fixed 
point quantifiers—see [4] for a detailed discussion of that subject. 


Theorem 4.2 (Bradfield, [4]). The modal mu-calculus alternation hierar- 
chy is strict over the class of finite labeled graphs, i.e., for every k > 0, there 
is a property of finite labeled graphs that is definable in level k+1 of the 
Niwinski alternation hierarchy of the modal mu-calculus, but not in level k. 


In [22], Lenzi proved a corresponding but slightly weaker result referring 
to a different variant of fixpoint alternation, the Emerson-Lei hierarchy. An 
elegant proof of Bradfield’s and Lenzi’s hierarchy was given by Arnold in [2]. 
Let us mention that the hierarchies proved in [4, 22, 2] are about general 
structures that are not necessarily finite; via the mu-calculus’ finite model 
property (cf., e.g., [3]), however, they can be directly transferred to the class 
of finite labeled graphs. 

On the other hand, when considering the class of finite words (instead of 
the class of finite labeled graphs), the modal mu-calculus alternation hier- 
archy is known to collapse (this can be proved in a similar way as discussed 
in the paragraph before Theorem 3.4). More details on the collapse of the 
modal mu-calculus hierarchy on particular classes of structures can be found 
in (23, 40, 21]. 

It is a challenging future task to settle the following question: 

Question 4.3. Does a similar result as Theorem 4.2 hold for monadic least 
fixed point logic MLFP instead of the modal mu-calculus? I.e., is there a 
strict hierarchy within MLFP that is based on the number of alternations 
of least and greatest fixed point quantifiers? 

4.3 Monadic second-order logic 


Let us now consider monadic second-order logic MSO. In that logic, the 
most powerful ingredient is the set quantification. The quantifier structure 
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of an MSO-formula in prenex normal form can be represented by a word over 
the four-element alphabet {4,V,3,v}, where J, V represent set quantifiers, 
and 3,v represent first-order quantifiers. In the following, we use regular 
expressions over that alphabet to describe quantifier prefixes of formulas in 
prenex normal form. 

Every MSO-formula is equivalent (over the class of all structures) to an 
MSO-formula whose quantifier prefix is of type 


{5 VF {a,v}. 


A transformation of a given MSO-formula 7 into the above form can be 
done in three steps: Firstly, replace every sub-formula of the form Jz y(x) 
with an equivalent formula of the form 3X (singleton(X) A y'(X)), where 
singleton(X) is an auxiliary first-order formula asserting that X is a sin- 
gleton, and where y’ results from y by replacing every atomic formula 
a(@1,..,2n) with a suitable auxiliary first-order formula a’(X1,..,Xn). 
Note that the resulting formula 7)’ contains first-order quantifiers only within 
the new auxiliary formulas singleton(X) and a/(X1,.., Xn). Secondly, trans- 
form 7’ into prenex normal form, treating the auxiliary formulas like atoms. 
Now, viewing the auxiliary formulas again as first-order formulas, the re- 
sulting MSO-formula Y” obviously consists of a quantifier prefix of set 
quantifiers that is followed by a first-order formula. By transforming the 
first-order part of this formula into prenex normal form, one then obtains 
an MSO-formula in prenex normal form whose quantifier prefix is of type 
{5,V}*{a,v}*. 

4.3.1 The MSO Quantifier Alternation Hierarchy 

The definition of the monadic second-order quantifier alternation hierarchy 
(or “MSO alternation hierarchy” for short) is based on the above represen- 
tation. For each k > 0, level k of this hierarchy consists of those properties 
(of, say, finite labeled graphs) that can be defined by an MSO-formula in 
prenex normal form where the set quantifiers are grouped into k blocks, 
existential and universal in alternation, starting with an existential one. 
While most parts of Section 3 are devoted to EMSO, the first level of this 
hierarchy, we consider the higher levels now. For example, a property is 
in level three of that hierarchy iff it can be defined by a formula in prenex 
normal form of type 


ay aaa: 
i.e., one that starts with three blocks of set quantifiers, the first one being 
existential, and continues with a first-order kernel formula. 
Let us denote level k of the MSO quantifier alternation hierarchy by 
mon-»}, its “complement” by mon-H} (i.e., mon-II{ consists of all graph 
properties whose complement belongs to mon-;), and their intersection 
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by mon-Aj. Furthermore, we write BC(mon-¥;) to denote the class of all 
properties that can be defined by a boolean combination of sentences suit- 
able for mon-X;. (Thus BC(mon-j) is the smallest superclass of mon-Lj, 
that is closed under union and complement.) 

By slightly abusing notation, we shall sometimes also speak of mon-U; 
formulas to address the particular kind of formulas suitable for defining 
properties that belong to mon-Dj. 

Fagin has shown that connectivity of finite graphs is (analogously to Ex- 
ample 3.8) definable by a sentence in prenex normal form of type V" {3, v}*, 
but not by one of type 3” {s,v}*. This leads to the following result: 


Theorem 4.4 (Fagin, [13]). mon-4} 4 mon-II} and thus, in particular, 
mon-»} Ç mon-X4. 


Fagin raised the question whether the MSO quantifier alternation hi- 
erarchy collapses on some higher level. The question has been answered 
negatively in [28]. Refining that proof, [35, 27] shows that a witness for the 
separation of level k+1 from level k is the set of all pictures of size m x f(m) 
for a specific (k+1)-fold exponential function: this picture language is defin- 
able by a sentence with k+1 alternations of set quantifiers, but not by one 
with just k alternations of set quantifiers. The same witness even separates 
mon-Aj,,, from BC(mon-;). Using standard techniques, the results can 
be transported to the class of graphs. We thus obtain 


Theorem 4.5 (Matz-Schweikardt-Thomas, [27]). For every k > 0, 
mon-b;, Ç mon-;,,,- Moreover, there even exists a picture language over 
a singleton alphabet that belongs to mon-Aj 41 but not to BC(mon-}). 


However, the proof of this theorem has also exhibited the following: 
it is not the alternation of set quantifiers that gives the expressive power 
needed to leave a fixed level of that hierarchy—it is the nesting of first-order 
quantifiers, followed by one single block of set quantifiers. For example, 
there is an MSO-sentence with quantifier prefix of type 


vV“ {a v}*, 
that is not equivalent to any sentence with quantifier prefix of type 
a ies es 


(and likewise for values larger than three). 

How is this possible? The definition of the MSO quantifier alternation 
hierarchy allows to neglect first-order quantifications inside the kernel for- 
mula, but it does not allow to neglect first-order quantifications completely. 
This is so because first-order quantifications do not factor through monadic 
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second-order quantifications, unlike for the full second-order logic, in which 
quantification is available over relations of arbitrary arity. We shall take a 
closer look at this phenomenon in the following paragraph. 


4.3.2 The Closed MSO Hierarchy 


As motivated above, the value of the strictness of the MSO quantifier al- 
ternation hierarchy would be much higher if first-order quantification was, 
by definition, neglectable. This point was made by Ajtai, Fagin, and Stock- 
meyer in [1]. In that paper, the authors suggest the closed MSO alternation 
hierarchy, which is coarser and more robust than the ordinary MSO alter- 
nation hierarchy because it allows to intersperse first-order quantifiers “for 
free” between set quantifiers. For example, a property is in level three of 
that hierarchy iff can be defined by an MSO-formula which has a prenex 
normal form of type 


{A,av}" {V,a,v}" {A,a,v} {av}. 


As noted in [1], the strictness of the closed MSO alternation hierar- 
chy would be implied by the conjectured strictness of the polynomial time 
hierarchy, because each level of the latter is closed under first-order quantifi- 
cation and each level of the MSO alternation hierarchy contains a complete 
problem for the polynomial time hierarchy. The following is a challenging 
future task: 


Task 4.6. Show, without relying on complexity theoretic assumptions, that 
the closed MSO alternation hierarchy is strict. 


4.3.3 The First-Order Closure 
As pointed out above, it is desirable to understand more about the role of 
first-order quantifications in the context of monadic second-order quantifier 
alternation. Let us mention two approaches that have been made to achieve 
progress in this area. Both deal with the first-order closure of some subclass 
L of MSO, meaning the smallest superset of £ that is closed under first-order 
quantification and boolean combinations. 

In [19], the authors develop a technique to infer new separation results 
dealing with the first-order closure. Specifically, they show the following: 


Theorem 4.7 (Janin-Marcinkowski, [19]). Let V,W c {4,V,3,v}". Let 
S be a graph property definable by a prenex normal form of type V but 
not by one of type W, then there is another property definable by a prenex 
normal form of type dw V but not by one of type {3,v}* W. 


This technique works for the class of graphs, but it does not work for 
the classes of words, trees, or pictures. The authors of [19] apply it to show 
the following corollary (previously shown directly in [1]). 
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Corollary 4.8. There exists a graph property definable by a prenex normal 
form of type 3J*{3,v} J“ {3,v}* but not with one of type {a, v} J" {3, v}. 


Apart from this, not many separation results are known by now. In fact, 
to our best knowledge, even the following remains open: 


Question 4.9. Is every MSO-formula equivalent to one of the form 
Jav Jav ? 


For the class of pictures, [26] contains another preliminary step towards 
understanding the expressive power of the first-order closure of logics. In 
that paper, the MSO alternation hierarchy with first-order closure is con- 
sidered. A property belongs to level k of that hierarchy iff it is definable in 
the first-order closure of the set of mon-X} formulas. 


Theorem 4.10 (Matz, [26]). The MSO alternation hierarchy with first- 
order closure is strict. 


The proof shows, for example, that there is a prenex normal form of type 
wo va V“ {a,v} that is not equivalent to a prenex normal form of type 
{3,v}* J“ V“ J {3,v}*. That means, to exceed some level of the MSO alter- 
nation hierarchy with first-order closure, only two blocks of set quantifiers 
are needed. 


4.4 Labels and complement 


Let us review the mentioned results and see what they imply concerning 
the question whether the levels of the MSO quantifier alternation hierarchy 
are closed under complement. Theorem 4.5 considers the class of picture 
languages over a singleton alphabet and shows that, for every k, there is a 
picture language that belongs to level k+1, but not to level k of the MSO 
alternation hierarchy. This implies 


Corollary 4.11. For every k > 1 there exists a t > 0 such that there is a 
picture language over alphabet © := {0,1}! which belongs to mon-X} but 
not to mon-II;. 


By standard encoding techniques it can be deduced that t = 1 suffices. 
In other words, if the alphabet © is fixed and of size > 2, then all separation 
results of Figure 4.4 hold. Even more, the above is true also for a singleton 
alphabet, so Theorem 3.7 can be generalized to: 


Theorem 4.12 (Matz, [26]). For every k > 1 there is a picture language 
over a singleton alphabet which belongs to mon-Y;, but not to mon-IT}. 
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1 1 
mon-4;,, Æ mon-I;,, 


1 
mon-Ak41 


BC(mon-¥;.) 


mon->; #  mon-Ilj, 


FIGURE 1. The MSO quantifier alternation hierarchy 


A picture language which witnesses the difference between mon-;, and 


mon-I]}, is the set of all pictures of size m x n for which n is not a multiple 
of f(m), where f is a specific (k+1)-fold exponential function. 


Again, the witness sentence actually makes little use of set quantifiers. 


For example, if k = 5, it is of the form 


ayaa {a,v}. 
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Abstract 


We study two-player non-zero sum games of perfect information 
in infinite games on graphs. We suggest that in such games, it is 
useful to study structurally specified strategies, so that we can reason 
about how a player’s strategy may depend on assumptions about the 
opponent’s strategy. In such a setting, we show that best response 
computation can be carried out in games with Muller objectives. We 
discuss a simple modal logic in which we can reason about how a 
player can ensure an outcome by following a specific strategy. 


1 Summary 


We discuss strategies in non-zero sum games of perfect information on 
graphs. The study of non-zero sum games on graphs is motivated by the 
advent of computational tasks on the world-wide web and related security 
requirements which have thrown up many interesting areas of interaction 
between game theory and computer science. For example, signing contracts 
on the web requires interaction between principals who do not know each 
other and typically distrust each other. Protocols of this kind which involve 
selfish agents can be easily viewed as strategic games of imperfect infor- 
mation. These are complex interactive processes which critically involve 
players reasoning about each others’ strategies to decide on how to act. In 
the case of interacting web services, these games involve infinite plays as 
well. Developing a game theoretic computational study of such interactions 
is an interesting challenge. Admittedly, these are games of partial infor- 
mation, but a theoretical analysis is interesting even in the more restricted 
case of perfect information. 

On one hand, zero sum games on graphs have been extensively studied 
in logic and automata theory [5], and on the other, a rich theory of non- 
zero sum matrix form games has been developed by game theorists [8]. We 
call graph games large, to indicate that plays consist of (long) sequences of 
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moves, whereas matrix form games are termed small, in the sense that a play 
is typically one simultaneous move. We can have matrix form presentations 
for sequential plays as well, but not very usefully for analysis. 

While one talks of winning strategies in win / loss games, when players 
have overlapping objectives, we consider the best response each player can 
offer to moves of other players. In a small game which consists of both 
players deciding on a move simultaneously, it is best analyzed by considering 
pairs of moves. When we have a pair (a,b) such that a is player 1’s best 
response to player 2 deciding on b, as well as the other way about, they 
constitute a Nash equilibrium: there is no incentive for rational players to 
unilaterally deviate from such a decision. Thus equilibrium concepts predict 
rational play, and games are so designed that equilibrium behaviour achieves 
desired outcomes. Nash’s theorem asserts the existence of equilibria in the 
space of randomized strategies and game theory offers similar theorems for 
related notions of equilibria. 

Equating equilibria with rational play rests on the following analysis: 
at a game position a rational player would choose the best response to the 
opponent’s strategy which (by assumption of rationality of the opponent) 
must be his best possible choice of move. Thus, the reasoning critically 
involves players reasoning about other players’ strategies. When strategies 
consist of picking one move out of a set of possible moves, such as in small 
games, this is clear. When strategies use the current history of play to 
make a local move when the eventual outcome is not as yet determined, the 
situation is much less clear. 

A strategy is a function from the set of partial plays to moves: it advises 
a player at a game position on the choice she can make. In a large game, 
this amounts to a complete specification of behaviour in all possible game 
situations. But then in such a game, one player’s knowledge of the strategies 
employed by the other is necessarily partial. Rational play requires much 
finer analysis since strategies have structure that depends on the player’s 
observations of game positions, history of play and the opponent’s apparent 
strategies. 

Such study of structure in strategies is relevant even in finite, deter- 
mined, but large, zero-sum games. A classic example of such a game is the 
game of chess. Zermello showed in [14] that chess is determined, i.e. from 
every game position, either there exists a (pure) strategy for one of the two 
players (white or black) guaranteeing that she will win or each one of the 
two players has a strategy guaranteeing at least a draw. However, given 
any game position, we do not know which of the three alternatives is the 
correct one. For games like Hex, it is known that the first player can force 
a win [3] but nonetheless a winning strategy is not known. Again, in such 
situations, rather than be content with reasoning about games using the 
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functional notion of strategies, one needs to reason about strategies them- 
selves. For instance, most of the chess playing programs use heuristics which 
are basically partially specified strategies. A library of such specifications 
is developed and during the course of play, the actual strategy is built up 
by composing various partial strategies. 

Thus we are led to the idea of strategies specified in a syntax, and com- 
posed structurally, with a player’s strategies built up using assumptions 
about another. The notion of strategy composition is inspired by an analo- 
gous notion of game composition proposed by Rohit Parikh [9] who initiated 
the study of game structure using algebraic properties. 

In this paper, we suggest that standard automata theoretic techniques 
can be employed to usefully specify and analyze partial strategies in non- 
zero games on graphs. We propose a syntactic framework for strategies in 
which best response can be algorithmically determined, and a simple modal 
logic in which we can reason about such strategies. This proposal is intended 
more as an illustration of such analysis; ideally, we need a “programming 
language” for strategies, whose structure should be determined empirically 
by how well they describe interesting heuristics employed in many classes 
of games that arise in applications mentioned above. 


Related work 


Automata theoretic analyses of two-player zero-sum infinite games of perfect 
information [|5] have led to interesting applications in the design and veri- 
fication of reactive systems and in control synthesis. We use this technical 
machinery, but in the non-zero sum context. 

As remarked earlier, the logical structure we study is inspired by propo- 
sitional game logic [9]. Pauly [10] has built on this to provide interesting 
relationships between programs and games, and to describe coalitions to 
achieve desired goals. Bonanno [2] suggested obtaining game theoretic so- 
lution concepts as characteristic formulas in modal logic. van Benthem [12] 
uses dynamic logic to describe games as well as (atomic) strategies. 

On the other hand, the work on Alternating Temporal Logic [1] considers 
selective quantification over paths that are possible outcomes of games in 
which players and an environment alternate moves. Here, we talk of the 
existence of a strategy for a coalition of players to force an outcome. [4] 
draws parallels between these two lines of work, that of Pauly’s coalition 
logics and alternating temporal logic. In the work of [6] and [13], van der 
Hoek and co-authors develop logics for strategic reasoning and equilibrium 
concepts. 

The underlying reasoning, whether explicitly described (as in game log- 
ics) or implicit (as in automata theoretic studies) is carried out in a logic of 
games and the reasoning is about existence of strategies, rather than about 
strategies themselves. For instance, the existence of an appropriate strategy 
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in sub-games is used to argue the existence of one in the given game. More- 
over, most of the techniques involve win / lose games. Thus our departure 
consists in considering non-zero sum games and (hence) structured partial 
strategies. 

In [11], we presented an axiomatization of the logic we discuss here. 
In this paper, the emphasis is more on showing how standard automata 
theoretic techniques can be employed to solve the associated algorithmic 
questions. 


2 Games and strategies 


We begin with a description of the game arena. We use the graphical model 
for extensive form turn-based games, where at most one player gets to move 
at each game position. 


Game arena 


Let N = {1,2} be the set of players and © = {a1,a2,..., am} be a finite 
set of action symbols, which represent moves of players. 

A game arena is a finite graph G = (W!, W?, —>, wo) where W’ is the 
set of game positions of player i for i € {1,2}. Let W = Wt U W?. The 
transition function —: (W x £) — W is a partial function also called the 
move function and wọ is the initial node of the game. Let 7 = 2 when i = 1 
and 7 = 1 when 7 = 2. 

Let the set of successors of w € W be defined as w= {w € W | w = w' 
for some a € X}. We assume that for all game positions w, we Ø. 

In an arena, the play of a game can be viewed as placing a token on 
wo. If player i owns the game position wo (i.e wo € W*), then she picks an 
action ’a’ which is enabled for her at wo and moves the token to w’ where 
wo — w'. The game then continues from w’. Formally, a play in G is an 
infinite path p : woaow1a1--- where Vj : wj ak wj41. Let Plays denote 
the set of all plays in the arena. 


Games and winning conditions 


Let G be an arena as defined above. The arena merely defines the rules 
about how the game progresses and terminates. More interesting are the 
winning conditions of the players, which specify the game outcomes. Since we 
consider non-zero sum games, players’ objectives need not be strictly con- 
flicting, and each player has a preference relation inducing an ordering over 
the set of valid plays. The game is specified by presenting the game arena 
along with the preference relation for each player. Let <‘C (Plays x Plays) 
be a complete, reflexive, transitive binary relation denoting the prefer- 
ence relation of player i for i € {1,2}. Then the game G is given as, 
G = (G, {S" hies1,2})- 
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In general, the preference relation need not have a finite presentation, 
and we restrict our attention to finite state preferences. (This is because 
in the applications we have in mind, as in network games, desired or pre- 
ferred plays are easily expressed as formulas of temporal logics.) Thus, the 
preferences of players are presented as finite state evaluation automata, with 
Muller acceptance conditions. 

Let M = (R, A, ro) be a deterministic automaton with finite set of states 
R, initial state ro € R and transition function A: Rx Wx — R. The 
evaluation automaton is given by: E = (M, {<° }ie{1,2}) where <° C (F xF) 
is a total order over F = 2” \ Ø for i € {1,2}. 

A run of € on a play p : s9aq--- € Plays is a sequence of states Y : ror, --: 
such that Vi: 0 < i < n, we have rj41 = A(ri,s;,a;). Let inf(y) denote 
the set of states occurring infinitely often in y. The evaluation automaton 
E induces a preference ordering on Plays in the following manner. Let 
p : 89a981-+- and p’ : soags,--- be two plays. Let the run of E on p and 
p be pi rori: ++ Tn and g’ : rori- rl, respectively. For i € {1,2}, we have 
p $$ p' iff inf(y) <t inf(y’). A game is presented as G = (G, £). 

We shall also be interested in binary evaluation automata which specify 
least outcomes for player i. Such a automaton is given by E}, where F € 2”: 
for every F” € 2", if F <t F’, it is taken to be “winning” for player i, and 
every F” Æ F such that F” <t F is taken to be “losing”. Such an automaton 
checks if i can ensure an outcome which is at least as preferred as F. Note 
that the terminology of win / loss is only to indicate a binary preference for 
player 7, and applies even in the context of non-zero sum games. 

Thus we have game arenas, with players’ preference on plays. We now 
discuss strategies of players. 


Strategies 

Let Gr denote the tree unfolding of the arena G. We use s,s’ to denote 
the nodes in Gr. A strategy for player 1, y = (W,,, — u, S0) is a maximal 
connected subtree of Gr where for each player 1 node, there is a unique 
outgoing edge and for the other player every move is included. That is, for 
s € W, the edge relation satisfies the following property: 


e if s € W} then there exists a unique a € © such that s “>, s’, where 


a 
we have s —>rp s’. 
. a a 
eifse Ww, then for each s’ such that s —>r s’, we have s —>,, 8’. 


Let Q! denote the set of all strategies of Player i in G, for i = 1,2. We 
shall use u to denote a strategy of player 1 and 7 a strategy of player 2. A 
strategy profile (u, T) defines a unique path p7, in the arena G. 

In games with overlapping objectives, the common solution concept em- 
ployed is that of an equilibrium strategy profile [7]. A profile of strategies, 
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one for each player, is said to be in equilibrium if no player gains by unilater- 
ally deviating from his strategy. The notion of equilibrium can be formally 
defined as follows. Let u denote a strategy of player 1 and 7 denote a 
strategy of player 2. 


e y is the best response for 7 iff Vy! € Qt, py, $+ py. 
e 7 is the best response for u iff Vr’ € Qa, pr, “AP pr: 


e (u,T) is a Nash equilibrium iff u is the best response for 7 and 7 is 
the best response for u. 


The natural questions that are of interest include: 

e Given a strategy 7 of player 2, what is the best response for player 1? 
e Given a strategy profile (4,7), is it a Nash equilibrium? 

e Does the game possess a Nash equilibrium? 


Clearly, if we can answer the first question, we can answer the second 
as well. In any case, to study these questions algorithmically, we need 
to be able to present the preferences of players and their strategies in a 
finite fashion. We have evaluation automata presenting preferences; we now 
proceed to a syntax for strategies. 


3 Strategy specification 


We conceive of strategies as being built up from atomic ones using some 
grammar. The atomic case specifies, for a player, what conditions she tests 
for before making a move. We can associate with the game graph a set 
of observables for each player. One elegant method then, is to state the 
conditions to be checked as a past time formula of a simple tense logic over 
the observables. The structured strategy specifications are then built from 
atomic ones using connectives. We crucially use an implication of the form: 
“if the opponent is apparently playing a strategy m then play o”. 

Below, for any countable set X, let Past(X) be sets of formulas given 
by the following syntax: 


a € Past(X) := x € X || dV pa | Ov. 


Syntax 


Let P? = {pġ, pi,...} be a countable set of observables for i € {1,2} and let 
P = P! U P?. The syntax of strategy specifications is then given by: 


Strat’(P*) := null | [Y => alt | o1 + 02 | o1 < 02 | T > 0 


where 7 € Strat’ (P! N P?) and w € Past(PŻ). 
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Semantics 


Given any sequence £ = tot, ---tm, V : {to,-+: ,tm} — 2%, and k such that 
0 < k < m, the truth of a past formula Y% € Past(X) at k, denoted £, k Ew 
can be defined as follows: 


e &£,kE pif p € V(s,). 

e £ k H ay if £, k Kv. 

e £, k H| Yi V yp iff £, k H Yi or £, k H yo. 

e £, k — Ov iff there exists a j: 0 < j < k such that é, j = Y. 


We consider the game arena G along with a valuation function for the 
observables V : W — 2°. We assume the presence of two special proposi- 
tions 7; for each i € {1,2} which specify at a game position, which player’s 
turn it is to move, i.e. r; € V(w) iff w is a player i game position. Given 
a strategy u of player i and a node s € yp, let ps : S09a9S1---Sm = S be 
the unique path in u from the root node to s. For a strategy specification 
a € Strat’(P*), we define when u conforms to a (denoted u |; o) as follows: 


e u |}; o iff for all player i nodes s € u, we have ps, 5 Hi; o. 


where we define ps, sj H; o for any player 7 node s; in ps as, 


e ps,Sj Hi null for all ps, sj. 


© ps,sj Hi (pra)! iff ps, sj H Y implies outy, (s3) = a. 


© ps, Sj Fi o1 +02 iff ps, Sj Hi 01 OF ps, Sj Fi o2- 


Ps, Sj Fi 01+ 02 iff ps, Sj Hi o1 and ps, 8; Fi 02. 


© Ps,8; Hi T > 0 iff for all player 7 nodes sk € ps such that k < j, if 
Ps, Sk Fr T then ps, Sj Fi O1. 


Above, m € Strat’ (Pt N P?), y € Past(P*), and for all i: 0 < i < m, 
out,,(s;) = a; and out,,(s) is the unique outgoing edge in p at s. 


Remarks 


Note that we do not have negation in specifications. One reason is that 
they are partial, and hence the semantics is not immediate. If we were 
to consider a specification of the form 7 = ø, we could interpret this as: 
if player has seen that opponent has violated m in the past, then play o. 
This seems rather unnatural, and hence, for the present, we are content 
to leave negation aside. Note that we do have negation in tests in atomic 
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specifications, and later we shall embed these specifications into a modal 
logic (with negation on formulas). 

When we consider repeated or multi-stage games, we have strategy 
switching, whereby players receive payoffs at specified points, and depend- 
ing on the outcomes, decide on what new strategies to adopt later. Then it 
makes sense to include specifications whereby a player conforms to a strat- 
egy until some observable change, and then switches to another strategy. 
In this context, we have (a form of) sequential composition as well as iter- 
ation. However, operators are best added after a systematic study of their 
algebraic properties. We stick to a simple presentation here since our main 
aim is only to describe the framework. As we shall see below, any set of 
specifications that allows effective automaton construction will do. 

Clearly, each strategy specification defines a set of strategies. We now 
show that it is a regular set, recognizable by a finite state device. In the 
spirit of prescriptive game theory, we call them advice automata. 


Advice Automata 

For a game graph G, a nondeterministic advice automaton for player i is a 
tuple A = (Q, 6,0, T) where Q is the set of states, J C Q is the set of initial 
states, ô : Q x W xd — 2 is the transition relation, and 0: Q x W’ > F, 
is the output or advice function. 

The language accepted by the automaton is a set of strategies of player 
i. Given a strategy u = (Wp, — n, 80) of player i, a run of A on uisa Q 
labelled tree T = (W,,,—,, A), where À maps each tree node to a state 
in Q as follows: A(so) € I, and for any s, where sp —>, s}, we have 
Ash) € BACK), sks ax); | 

A Q-labelled tree T is accepted by A if for every tree node s € W}, if 
s—+r s' then o(\(s)) = a. A strategy u is accepted by A if there exists an 
accepting run of A on u. 

It is easy to see that any bounded memory strategy can be represented 
using a deterministic advice automaton. In such a framework we can ask, 
given a bounded memory strategy for player 2 represented by a deterministic 
strategy automaton B, can we compute the best response for player 1? 


Proposition 3.1. Given a game G = (G,€) and a deterministic advice 
automaton B for player 2, the best response for player 1 can be effectively 
computed. 


The proposition is proved easily. For each F € 2”, we can construct a 
nondeterministic automaton Ap which explores paths of G as follows. It 
consults B to pick player 2’s moves and simply guesses 1’s moves. It runs 
the binary evaluation automaton €} for player 1 in parallel and checks if 
the run is winning for player 1. Now, we can enumerate the F € 2” in such 
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a way that those higher in <! appear earlier in the enumeration. We try 
automata Ap in this order. 

Therefore, given an strategy profile presented as advice automaton for 
each of the players, we can also check if a strategy profile constitutes a 
Nash equilibrium. However, we are interested in strategy specifications 
which are partial and hence constitute nondeterministic advice automata. 
The following lemma relates structured strategy specifications to advice 
automata. 


Lemma 3.2. Given a player i € {1,2} and a strategy specification o, we 
can construct an advice automaton A, such that u € Lang(A,) iff u i o. 


Proof. The construction of automata is inductive, on the structure of spec- 
ifications. Note that the strategy is implemented principally by the output 
function of the advice automaton. 

For a strategy specification g, let SF (ca) denote the subformula closure 
of o and SF¥,(a) denote the Past subformulas in ø. Call R C SFy(o) 
an atom if it is propositionally consistent and complete: that is, for every 
ay E€ SFy(c), =y € Riff y £ R, and for every 71 V2 E SFy(c), YY E R 
iff y, € Ror 72 € R. 

Let AT, denote the set of atoms. Let Co = {C E€ AT,| there does 
not exist any Ow € C}. For C,D € AT,,define C — D iff for all Oy € 
SF'y(o), the following conditions hold. 


e pEC> WED 
© UVEDSYVECor WEC. 


We proceed by induction on the structure of o. We construct automata 
for atomic strategies and compose them for complex strategies. 
(o = [Y |> al): The automaton works as follows. Its states keep track of 
past formulas satisfied along a play as game positions are traversed and 
that the valuation respects the constraints generated for satisfying ~. The 
automaton also guesses a move at every step and checks that this is indeed a 
when ~ holds; in such a case this is the output of the automaton. Formally: 

Az = (Qo, 50; Oo, Io), where 


Qo = AT; x. 
Is = {(C,x£)|C € Co, V (so) = C N Po, x € X}. 


For a transition s — s’ in G, we have: 
da((C, x), s,a) = {(C’, y)|C — C, V (s) = COP, y € È}. 


aC) = { a if pEC 


x otherwise 
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We now prove the assertion in the lemma that u E€ Lang(A,) iff u H; o. 


(=). Suppose u € Lang(A,). Let T = (W}, W2, —r, A) be the Q-labelled 
tree accepted by As. We need to show that for all s € W,,, we have ps, s = w 
implies out(s) = a. 

The following claim, easily proved by structural induction on the struc- 
ture of Y, using the definition of —> on atoms, asserts that the states of 
the automaton check the past requirements correctly. Below we use the 
notation ~ € (C, x) to mean 4% E€ C. 


Claim 3.3. For all s € W,, for all Yy’ € SFy(c), Y € A(s) iff ps, s H y. 


Assume the claim and consider any s € W,,.. From claim 3.3, we have 
Ps, S Fw implies ~ € A(s). By the definition of o, we have o(X(s), s) = a. 


(<). Suppose u Fy [Y + a]. From the semantics, we have Vs € Wi, Ps, S H 
p implies out(s) = a. We need to show that there exists a Q-labelled tree 
accepted by As. For any s let the Q-labelling be defined as follows. Fix 
ro ED. 


e For s € Wi, let A(s) = ({’ € SFy(o)|ps,5 H Y'}, out(s)). 


e For s € WÈ, let A(s) = ({’ € SFy(o)|ps,5 H Y}, 20). 


It is easy to check that A(s) constitutes an atom and the transition 
relation is respected. By the definition of o, we get that it is accepting. 

(o = c1-02): By induction hypothesis there exist Az, = (Qoi; foi, 001; Lo,) 
and A,, = (Qoz, o2, 0o02, Toz) which accept all strategies satisfying cı and 
02 respectively. To obtain an automaton which accepts all strategies which 
satisfy o1 -o2 we just need to take the product of As, and As,- 

(o = 01 +02): We take A, to be the disjoint union of As, and A,,. Since 
the automaton is nondeterministic with multiple initial states, we retain the 
initial states of both As, and A,,. If a run starts in an initial state of As, 
then it will never cross over into the state space of As, and vice versa. 

(o = 7 => 0’): By induction hypothesis we have Ar = (Qr, Ôn, Or, Ix) which 
accepts all player 2 strategies satisfying m and Ag) = (Qo, ðo’, Oo', Ior) 
which accepts all player 1 strategies satisfying o’. 

The automaton A, has the product states of A, and A,’ as its states 
along with a special state qfree. The automaton keeps simulating both Ar, 
Ag and keeps checking if the path violates the advice given by A,, if so it 
moves into state qfree from which point onwards it is “free” to produce any 
advice. Till z is violated, it is forced to follow the transitions of Av. 

Define A, = (Q, 6,0, I) where Q = (Qa XQo')U(GfreeX £). The transition 
function is given as follows: 
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e For s € W4, we have 0((dn; do"), 8,4) = {(q1;q2)lq1 € Or (Gn,5,a) and 
q2 € ĝo’ (qo',5,a)}. 


e For s € WẸ, we have: 


— If On (dns 8) # a, then 5((drs Io"), 85 @) n {(Gfree, a) a = Dap: 


— If On (drs 8) =q, then Òl (dr, Io"), 8,0) = {(q1, 92) |a1 € Oy res 8, a) 
and q2 E bo! (do’, 8, a). 


© 5((dtrees £), 8, a) = {(Gfree, a) |a € D} 


The output function is defined as follows: For s € W4, o((qr, qo’), 5) = 
0a'(Gor, S) and O((Gfree, £), S) = x. 

The automaton keeps simulating both Ar, As’ and keeps checking if the 
path violates m. If so it moves into state qfree from which point onwards it 
is not constrained to follow o’. Q.E.D. 


4 Best response 


Since a strategy specification denotes a set of strategies satisfying certain 
propeties, notions like strategy comparison and best response with respect 
to strategy specifications need to be redefined. 

Given a game arena G = (G,€) and a strategy specification 7 for player 
7, we can have different notions as to when a specification for player i is 
“better” than another. 


e Better:(c,o’): if there is an F € 2”, then there is a py’ with p' =; o' 

such that for all 7 with 7 =z 7, p7, is winning with respect to EŻ then 
there is u with u Fie such that for all r with 7 =x 7, p/, is winning 
with respect to Ep. 
The predicate Better: (o, o’) says that, for some (binary) outcome F, 
if there is a strategy conforming to the specification o’ which ensures 
winning E% then there also exists a strategy conforming to ø which 
ensures winning E$, as well. 


e Betterg(c,o’): if there is F € 2” such that for all py’ with w’ Hi o’, 
for all r with 7 =z 7, piy is winning with respect to EL then for all u 


with u =; ø, for all r with T =z 7, pj, is winning with respect to ce. 
This notion is best understood contrapositively: for some (binary) 
outcome F, whenever there is a strategy conforming to ø which is not 
winning for E4, there also exists a strategy conforming to g’ which is 
not winning for E$. This can be thought of as a soundness condition. 
A risk averse player might prefer this way of comparison. 
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To algorithmically compare strategies, we first need to be able to decide 
the following questions. Let o and m be strategy specifications for player i 
and player 7 and E6 a binary evaluation automaton for player i. 


e Does player i have a strategy conforming to ø which ensures a valid 
play which is winning for i with respect to Ep, as long as player 7 is 
playing a strategy conforming to m (abbreviated as do, Vz : Ep)? 


e Is it the case that for all strategies of player i conforming to a, as long 
as player 7 is playing a strategy conforming to 7, the result will be a 
valid play which is winning for 7 with respect to Ef (abbreviated as 
Vo, Yr : Eb)? 


We call this the verification question. The synthesis question is given 7 and 
EŻ to construct a specification ø such that Jo, Vm : Ej, holds. 

Once we can show that the verification question is decidable and syn- 
thesis possible, the game theoretic questions of interest include: For a game 
G= (G, £), 


e Given strategy specifications ø and 7, check if ø is a best response to 
TT. 


e Given a strategy specification profile (ø, 7), check if it is a Nash equi- 
librium. 


e Given a strategy specification m for player 7 and F EF, synthesize (if 
possible) a specification ø for i such that Jo, Yr : Ep holds. 


e Given a strategy specification 7 for 7, synthesize a specification o such 
that ø is the best response to 7. 


The main theorem of the paper is the following assertion. 


Theorem 4.1. Given a game G = (G,€) and a strategy specification m for 
player 7, 


1. The verification problem of checking whether for a player t strategy 
specification o and a binary evaluation automaton Ep, if do, Yr : Ep 
and Vo, Yr : E$ holds in G is decidable. 


2. For a binary evaluation automaton E$, it is possible to synthesize 
(when one exists), a deterministic advice automaton A; such that 
Ai, Yr : Ep holds. 


3. For a specification o, checking if ø is the best response to 7 is decid- 
able. 
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4. It is possible to synthesize a deterministic advice automaton A; such 
that A; is the best response to 7. 


Proof. Without loss of generality we assume i = 1,7 = 2 and øg, m to be the 
strategy specification for player 1 and 2 respectively. 

For an advice automaton A; = (Qi, ôi, Ii, 0i), we define the restriction 
of G with respect to A; to be G |\ A; = (U, —;,.9;) where U = W x Q; and 
Si = {so} x I;. In U, the nodes are partitioned in the obvious way. i.e. 
u = (s,q) € U' iff s € W*. The transition relation —>;: U x © — U is 
defined as, 


e (s,Q) =; (s',7) iff s = 8’, q! € ôilq,s,a) and (s € W* implies 
CAGE s) = a). 


For a node u = (s,q) € U, let enabled(u) = {alH(s’,q') € U with 
(s,q) > (s’,q')}. Note that for all u € U*, Jenabled(u)| = 1 

G N A, is the arena restricted with 7. i.e. all strategies of player 2 in 
G N A, conform to 7. The game arena G | A, is no longer deterministic. 
However, for any player 2 node in G NA+ there is exactly one action enabled 


(ie. {a € E| du’ with u > u’ }| = 1). 


(1): To check if Jo, Yr : E$ holds, we build a non-deterministic tree automa- 
ton T which runs on G N A,. For a 1 node, it guesses an action “a” which 
conforms to o and branches out on all a edges. For a 2 node, there is only 
one action enabled in G |Ì A,, call the action b. The automaton branches out 
on all b labelled edges. 7 runs E} in parallel to verify that all plays thus 
constructed are winning for 1 with respect to EŁ. If 7 has an accepting 
run, then Jo, Yr : E$ holds in G. The details are as follows. 

Consider Jo, Vr : € in G. According to the proof of Lemma 3.2, con- 
struct the advice automaton A, = (Qo, ĝo, Io, 0o) and Ar = (Qr, ôr, Ir, On). 
Let Ee = (M, {< het, with M = (R, A, ro). 

Let g! = G N A, = (U, —z, Sr). Its easy to see that all player 2 
strategies in G’ is accepted by A,. Therefore we have Jo, Yr : E$ holds in 
G iff there is a strategy u accepted by A, such that for each strategy 7 of 2 
in G) A,, the resulting path is winning for 1 with respect to Eh. We give a 
nondeterministic top down tree automaton 7, which checks this property. 
Since S, in general has more than one element, we add a new position called 
root and for all u E€ S, add edges labelled with £ between root and u. 

Formally, the tree automaton T = (Q,6,I) where Q = (Qə x R) U 
{door} and I = Goot- For T in a state q, reading node u, d(q,u) = 
((qi, @, 1), (q2,@,2)) means the automaton will branch out into two copies, 
on the first a successor it goes into state qı and the second it goes into state 
q2. For a node u = (s,q,), let u [a have k elements and let the successors 
be ordered in some way. The transition relation is defined as follows: 


566 R. Ramanujam, S. Simon 


e If u € Ut, then 


SClar) u) = { (3r), a, 1), +5 (d's 7"),. a, k)) | 


0o(q,s) =a, q € ôo(q,s,a) and r’ = A(r,s,a)} 
e If u € U?, then 


llar) u) = {r)a 1), (gr), a, k)) | 


g € 6o(q,8,a) and r’ = A(r,s,a)}. 


e If u = root, then 


5 (Groots U) ar {(((q0, ro), £, 1), sey ((qo,; ro), €, k)) | qo € Io}. 


To check if Yø, Yr : Eb holds, it suffices to check if all plays in (GMAz) NAc 
is winning for 1 with respect to EŁ. This can be done easily. 


(2): We want a deterministic advice automaton A; which ensures that 
for all strategies of 2 conforming to m the play is “winning” for player 1. 
We construct a tree automaton 7 which mimics the subset construction 
to synthesize Aı. The states of 7 are the subsets of states of Ar. At 
game positions of player 1, it guesses a move and for every player 2 game 
position, it branches out on all the action choices of A, where for each move 
the resulting new state is the subset of states given by the nondeterministic 
transition relation of A». T runs E$ in parallel and checks if all paths 
constitutes a valid play and that the play is winning for 1 with respect to 
EL. If there is an accepting run for T, then constructing A; is easy. The 
state space of A, is the set of all subsets of the states of A,. The transition 
relation is derived from the usual subset construction performed by 7. The 
output function basically follows the accepting run of T. 

Let Ar = (Qr, ôr, In, 0r) be the advice automaton corresponding to the 
strategy specification m. Let B = (Qo, ôb, To, G). We extend the transition 
relation ôr as follows. For a set X C Qr, 67(X, 8,4) = Uge x dr (q, 8, a). Let 
T = (Q,6,q0) be the tree automaton where Q = 287 x R and the initial 
state qo = I, x {ro} is the set of all initial states of A,. For a tree automaton 
in state q reading node s of the tree, 6(q,s) = ((q1,@), (q2,b)) means that 
the automaton will branch out into two copies , on the a labelled outgoing 
edge of s it goes into state qı and on the b labelled outgoing edge, it goes 
into state qo. 

For game position s, and an automaton state q = ({ql,...,q*},r), the 
transition relation is defined as follows: 


e if s€ Wt: ô(q, s) = 
{(((p, r"), @)) 


Js > s' in G,p = 6,(q,8,a) and r’ = A(r, s,a)}. 
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e if s € W?: Let {a1,... ap} = {o,(qi),..-,0n(g*)}. 


ô(q, s) = {(((p1; 71), a1), -- - (Pr; rk), ax)) | 
Pi = On(g, $,a;) and r; = A(r, s, a;)}. 


If J has a successful run on G, then let T, be the run tree with A 
being the labelling function from game positions to Q. We build the advice 
automaton for 1 from this tree. The advice automaton A; = (q1, 61, q, 01) 
where Qı = 22, q? = In, 61(q1,8,0) = q' if in Tẹ we have s > s’ where 
A(s) = (q,r) and X(s’) = (q’,r’). By definition of the transition function of 
T, 61 is deterministic. The output function 01, for each of the 1 nodes is 
dictated by the guess made by 7 on the successful run Ty. 


(3): Given o and 7 to check if ø is the best response to 7, we use the tree 
automaton construction in (1) with a slight modification. 

We enumerate the elements of 2? in such a way that those higher in 
<! appear earlier in the enumeration. For each F, we construct a tree 
automaton as in (1), the only difference being that the guesses made by T 
at player 1 game positions are not restricted by ø. T runs E} in parallel to 
check if player 1 can ensure F for all choices of 2 which conform to m. Since 
the evaluation automaton is “complete”, the play eventually settles down 
in one of F’ € 2”. Therefore, as we try elements of 2” in order, the tree 
automaton succeeds for some Ej. This gives us the “best” outcome which 
player 1 can guarantee. We then check if Jo, Vz : E$, holds in G. If it does 
then A, is a best response to Ar. 

This also implies that we can check whether a strategy profile (presented 
as advice automata) constitutes a Nash equilibrium. 


(4) is similar to (3). We enumerate 2” and find the “best” outcome that 
can be achieved and using the synthesis procedure, synthesize an advice 
automaton for this outcome. Q.E.D. 


5 A strategy logic 


We now discuss how we may reason about structured strategies in a formal 
logic. Formulas of the logic (also referred to as game formulas) are built 
up using structured strategy specifications (as defined in section 3). Game 
formulas describe the game arena in a standard modal logic, and in addi- 
tion specify the result of a player following a particular strategy at a game 
position, to choose a specific move a. Using these formulas one can specify 
how a strategy helps to eventually win (ensure) an outcome £. 


Syntax 


Let P’ = {pb, pi, ...} be a countable set of proposition symbols where 7; € 
P,, for i € {1,2}. Let P = PtU P?. 7 and m are intended to specify, 
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at a game position, which player’s turn it is to move. Further, the logic 
is parametrized by the finite alphabet set © = {a1,a2,..., am} of players’ 
moves and we only consider game arenas over ©. 

The syntax of the logic is given by: 


Il:= pe P| 7a] a,Vazg| (aja | Sa | (o): c| o~; B 


where c € 5, ø € Strat’(P"), B € Past(P*). The derived connectives A, 
> and [aja are defined as usual. Let Fa = sna, (X)a = Vacs (aja and 
[Nla = 7(X)n7a. 

The formula (c); : c asserts, at any game position, that the strategy 
specification o for player i suggests that the move c can be played at that 
position. The formula o ~; 8 says that from this position, following the 
strategy o for player i ensures the outcome 8. These two modalities consti- 
tute the main constructs of our logic. 


Semantics 


The models for the logic are extensive form game trees along with a valua- 
tion function. A model M = (T,V) where T = (S,—, so) is a game tree 
obtained by the unfolding of the arena G, and V : 9 — 2” is the valuation 
function. 

Given a game tree T and a node s init, let p$, : so = s1 =} sm =s 
denote the unique path from sọ to s. For the purpose of defining the logic it 
is convenient to define the notion of the set of moves enabled by a strategy 
specification at a node s (denote o(s)). For a strategy specification o € 
Strat’ (PŻ) and a node s we define o(s) as follows: 


e null(s) = X. 


irn f {a} if se Wand ps my 
e [y = al'(s) = { E otherwise. . 


e (01 + 02)(s) = o1(s) U o2(8). 


e (01 -02)(s) = oils) No(s). 


_ f als) if V7:0<79 <m, a; € x(s;) 
(noe) = { x otherwise. 

We say that a path p% : s = s1 => s)--- 5" sm = 8! in T conforms to 
ao ifVj:1<j<m, a; € o(s;). When the path constitutes a proper play, 
i.e. when s = so, we say that the play conforms to ø. 

The following proposition is easy to see. 
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Proposition 5.1. Given a strategy u for player i along with a specification 
a, u i o (as defined in section 3) iff for all player i nodes s € u we have 
out(s) € o(s). 


For a game tree T, a node s let Ts denote the tree which consists of the 
unique path p5, and the subtree rooted at s. For a strategy specification 
oE Strat’ (PŻ), we define T, ) ¢ = (So, =s, so) to be the least subtree of 
T, which contains the unique path from so to s and satisfies the following 
property. 


e For every s’ in So such that s = >% s’, 
. . a a 
— s' is an i node: s’ => s” and a €o(s') & 9$ =>, 8". 
. = a a 
— sis an 7 node: s => 8" & d$ =>, 8”. 


The truth of a formula a € II in a model M and position s (denoted 
M, s — qa) is defined by induction on the structure of a, as usual. Let p$, 


be so £S s1 2S sm = 3: 
e M,s | p iff p€ V(s). 


e M,s | ~a iff M,s Fa. 


e M,s =| ay V ag iff M, s Ea, or M, s — ag. 


e M,s | (aja iff there exists s’ € W such that ss’ and M,s’ Ka. 


e M,s — a iff there exists j : 0 < j < m such that M, sj Fa. 


e M,s H (a); : c iff c € o(s). 


e M,s Ko ~; B iff for all s’ such that s =>* s’ in T, No, we have 
M,s' = BA (Ti > enabled,). 


where enabled, = V/,ey((a)True A (o); : a). 

Figure 1 illustrates the semantics of o ~+; 8. It says, for an 1 node @ is 
ensured by playing according to g; for a 2 node, all actions should ensure 
b. 

The notions of satisfiability and validity can be defined in the standard 
way. A formula a is satisfiable iff there exists a model M such that M, so H 
a. A formula a is said to be valid iff for all models M, we have M, so = a. 
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FIGURE 1. 


Truth checking 

The truth checking problem is given a model M = (T, V) and a formula 
Qo, determine whether M, so = ao. The following theorem shows the de- 
cidability of the truth checking problem. 


Theorem 5.2. Given a model M = (T,V) and a formula ao, we can 
construct a nondeterministic Büchi tree automaton Ty, such that M, so = 
ao iff Ta, has an accepting run on M. 


Proof. Let {01,..., om} be the strategy specification formulas appearing in 
ao and A,,,...Az,, be the advice automata corresponding to the specifica- 
tions. The tree automaton keeps track of the atoms (locally consistent sets 
of subformulas) of ap and the states of each of the advice automata. At 
any game position, it guesses a new atom which is consistent with the game 
position and a state for each of the advice automaton from its transition 
relation. For the subformula (c); : a in the atom, it only needs to check if a 
is the action dictated by the output function of the advice automaton for o. 
However, ~(o ~; 3) is a requirement which says that there exists a game 
position where enabled, does not hold or @ is false. We keep track of such 
formulas in a “requirement set” U. When the tree automaton branches, 
it guesses, for each branch, which requirements will be satisfied on that 
branch. The Büchi acceptance condition is simply all the states where the 
“requirement set” U is empty. 
We shall find some abbreviations useful: 
e inv? (a, b) = (T; A (a); : a) > [a]}(o ~; B) denotes the fact that after 
an “a” move by player i which conforms to o, 0 ~; b continues to 
hold. 


e inv? (8) = mr > [N](o ~; B) says that after any move of 7, o ~; 8 
continues to hold. 
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e enabled, = Vey((a)True A (o); : a). 


For a formula a, let SF(a@) denote the subformula closure of a. In 
addition to the usual downward closure we also require that o ~; B € SF(q) 
implies enabled,, inv? (a, 8), inv? (6), 8 € SF(a). Call C C SF(a) an atom 
if it is propositionally consistent and complete, in addition we require the 
following to hold. 


e o~; B E C = enabledg, inv? (a, 8), inv? (8) € C. 
e ~(o ~; B) € C = (~enabledo or =p) € C or ((X)A(a ~; B)) € C. 


Let AT a denote the set of atoms. Let Co = {C € AT a| there does not 
exist any ©y € C}. For C, D € AT a, define C > D iff for all ©y € SF (a), 
the following conditions hold. 


e7EC> QED. 
e &EC>yECor EC. 
e [ajy EC => yED. 


Let {01,..., om} be the strategy specification formulas appearing in ag 
and let Az,,...Az,, be the advice automata corresponding to the specifica- 
tions. The tree automata T = (Q,ô,I, F) where Q C (AT a, U reject) x 
(25F(a0))3 x Qoy X... X Qon such that (C,U, Z, Y,qi,..-,q4m) E€ Q iff 
(a)i : aTi E C = 0o(qo) = a. The sets Z and Y are used to keep track 
of the (aja formulas and ensure that the edge relation is consistent with 
these formulas. The set of initial states I = {(C,U, Z, Y,q9,...,q8,)|C € 
Co, V (s0) = CN Pas, U = Z, Z = Ø and q? € I,,}, Y = {(a)ala € © and 
(laja € C}. 

For a node s, let s1,...,Sķ be its successors in G with s 1 sj for 
1 <j <k. For a state q = (C,U, Z,Y,q1,.--,qm) at s, the automaton 
guesses a partition of U = U U... U Uk and a partition Y = Z1 U... U Zk. 
The transition relation is then defined as: 


(Cay, Zi, Yas 01s -+ + gm)» Q1)s -+ s (Ces Uks Zi, Yas as +-+ am)» Oe) 
€ ô((C,U, q1,- -, qm), 8) 
iff 
e C; = reject if there exists (a)a € Z; such that a ¢ C; or aj #a 
e For1 <j <k, C £ C; and V(s;) = Cj N Pao. 


e Forl<j<k,l<r<m, @ € ð, (qr,s, aj). 
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e U= {o ~; B € U; | 8,enabledo E€ Cj} if UF Ø 
io {o ~i BEC; | G,enabled, € C;} if U = Ø 


e Yj = {(a)a | (aja € C5} 


Once the automaton reaches the reject state then it remains in that 
state for all transitions. The Büchi acceptance condition is, F = {q = 
(C,U,Z,Y,m,---;m) E Q | U = Ø and C E€ AT o} Q.E.D. 


Complexity of truth checking 


For the given formula ao, let |ao| = n. The states of the tree automaton are 
the atoms of ag and the states of each of the advice automaton. Since the 
number of strategy specifications occurring in ag is bounded by the size of 
ao, the size of the tree automaton |T| = O(n- 2”). Let Tg denote the tree 
automaton accepting G. We want to check for emptiness of 7 N Tg. Since 
T is a Biichi tree automaton this gives us a total time complexity of O(2”). 
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Abstract 


We consider automata and logics that allow to reason about nu- 
merical properties of unranked trees, expressed as Presburger con- 
straints. We characterize non-deterministic automata by Presburger 
Monadic Second-Order logic, and deterministic automata by Pres- 
burger Fixpoint logic. We show how our results can be used in order 
to obtain efficient querying algorithms on XML trees. 


1 Introduction 


Tree automata and logics for finite trees have been considered since the 
seminal work of Thatcher and Wright [38] in the late sixties, with emphasis 
on ranked trees. More recently, research on semi-structured data and XML 
in particular, raised new questions about unranked trees, i.e., trees where 
the number of children of a node is not fixed a priori, [8, 22]. Trees in XML 
are unranked, labeled, and may occur in two versions, ordered or unordered, 
depending on whether the sequence of children of a node is ordered or not. 

In XML schema description languages like DTDs and XML Schema, the 
possible sequences of types of children elements of a node are described 


* We thank the referee for his/her careful reading and the various remarks and sugges- 
tions that helped improving the paper. 


Jörg Flum, Erich Gradel, Thomas Wilke (eds.). Logic and Automata: History and Perspec- 
tives. Texts in Logic and Games 2, Amsterdam University Press 2007, pp. 575-612. 
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by regular expressions. Thus, most of the existing theoretical work on 
XML query languages has concentrated on regular tree languages. These 
languages can be described by tree automata on unranked ordered trees 
(also known as hedge automata) [25, 27] and a variety of other formalisms 
[15, 24, 26]. In these formalisms the interaction between the children of a 
node and the node itself are usually expressed in terms of a regular language. 
Other work extended these formalisms to let them formulate (at least unary) 
queries. The resulting query facilities usually have the expressive power of 
Monadic Second-Order logic (MSO). 

The regular framework is sufficient in many cases. But often one is inter- 
ested in expressing conditions on the frequency of occurrences of elements in 
the children sequence. Consider as an example a document which contains 
music files shared by some peer-to-peer system as Napster, Gnutella etc. as 
described in Figure 1.1 

For instance, we would like to query for users who prefer jazz over pop. 
Such a query can be expressed by asking for nodes labeled with “music” 
that have more children labeled “jazz” than “pop”. Querying for users who 
are extreme jazz fans can be expressed by requiring that the majority of the 
children of a node labeled by “music” is labeled by “jazz”. 

One way of formulating such queries, is to extend the MSO logic by for- 
mulas of Presburger arithmetics constraining the children of a node (Pres- 
burger constraints for short). In this new Presburger MSO logic (PMSO) 
the first query can be expressed as: 


x E€ Labmusic ^ 2/1, 
where ¢ is the formula 
pı = #Labjazz > #Labpop . 


Here, #Labjazz and #Labpop denote the numbers of children labeled with 
jazz and pop, respectively. For the second query we replace yı by a, 
where (2 is the formula: 


p2 Z #Labjazz 2 #Labpop + #Labérench F #Labciassic $ 


As an operational counterpart of the extended logic we study bottom-up tree 
automata that are enhanced by Presburger constraints. Transitions from 
the children of a node to the node itself may depend on the frequencies of 
states at the children via a Presburger arithmetic condition, i.e., a formula 
involving addition. 


1 Tt should be noted that in a realistic setting the type of music would likely be repre- 
sented by an attribute and not by a separate tag for each type. But, of course, for the 
purpose of query processing we can interpret a tag with attribute jazz as a tag jazz. 
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<doc> 
<user> 

<name> ... </name> 

<music> 

<jazz> 
<album> Always let me go </album> 
<artist> Keith Jarrett </artist> 
<year> 2002 </year> 
<time> 3310 </time> 
<price> 42 </price> 

</jazz> 

<french> 
<tit> Aux enfants de la chance </tit> 
<artist> Serge Gainsbourg </artist> 
<album> Serge Gainsbourg, vol. 3 </album> 
<time> 247 </time> 
<price> 16 </price> 

</french> 

<classic> 
<tit> The Seven Gates of Jerusalem </tit> 
<comp> Krzystof Penderecki </comp> 
<recorded> 1999 </recorded> 

<time> 3510 </time> 
<price> 43 </price> 

</classic> 

<jazz> 
<album> Kind of Blue </album> 
<artist> Miles Davis </artist> 
<year> 1997 </year> 
<time> 3325 </time> 
<price> 29 </price> 

</jazz> 


</music> 
<video> 


</video> 
<images> 
</images> 
</user> 
</doc> 


FIGURE 1. An example document containing information about music files 
downloaded by users. 
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We start our investigation by considering automata that only use Pres- 
burger constraints, i.e., automata that disregard the order of the children of 
a node and only use cardinalities of states. Technically speaking, we study 
in this part automata on unordered trees. It turns out that these automata 
are very well-behaved. They define a class of tree languages with very reg- 
ular properties like various closure properties and equivalence with PMSO 
logic. Further, these automata allow for effective static analysis. Emptiness 
and universality are decidable, and from any non-deterministic automaton 
an equivalent deterministic automaton can be constructed. Last but not 
least, they allow to define a class of (unary) queries the evaluation of which 
has linear time data complexity. 

Next, we study automata that are allowed to combine Presburger con- 
straints with the common regular language constraints (Presburger tree au- 
tomata, PTA). It turns out that they have less desirable properties. Al- 
though emptiness of PTA can still be decided, universality (whether an 
automaton accepts all trees) becomes undecidable. As we show that the 
non-deterministic PTA can be characterized by existential PMSO logic, we 
can conclude that PMSO logic is undecidable. Nevertheless, the combined 
complexity of these automata is NP-complete, whereas the data complexity 
is polynomial time. 

Often however, and in particular in our example, some parts of a doc- 
ument can be considered as textual representations of information records. 
This means that inside certain elements, the ordering is not significant. 
We therefore investigate automata on mixed document trees, i.e., in which 
element tags either identify their content as ordered or as unordered. We 
further assume that, as in our example, numerical constraints are only appli- 
cable to such unordered element contents. Under these assumptions, we get 
the same kind of nice behavior as in the totally unordered case, mentioned 
above. 

An alternative for the querying formalism enhanced by Presburger con- 
straints is to replace the MSO logic by fixpoint logic. This Presburger 
fixpoint logic turns out to be decidable (EXPTIME-complete), and its 
combined complexity is polynomial time. Moreover, this logic has the same 
expressive power as deterministic PTA. 


This paper is an extended version of [35, 36]. 


Overview. In Section 2 we define some basic Presburger logic notions. Sec- 
tion 3 studies unordered Presburger tree automata and logic. Section 4 
studies basic algorithmic properties of Boolean combinations of regular ex- 
pressions and Presburger conditions. In Section 5, ordered Presburger tree 
automata and logic are considered. Section 6 takes a quick look at the case 
where some unordered parts of a tree allow for Presburger constraints and 
the others for regular expressions. Section 7 studies Presburger fixpoint 
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logic and its relation with Presburger tree automata. Finally, Section 8 
shows how our framework can be used to express unary queries. 


Related work. Unordered document trees are closely related to the gener- 
alization of feature trees considered by Niehren and Podelski in [28] where 
they study the (classical) notion of recognizability and give a characteriza- 
tion of this notion by means of feature automata. No counting constraints 
are considered. A detailed study of automata over unranked trees has been 
initiated by Briiggeman-Klein, Murata and Wood [3]. 

Query languages for unordered trees have been proposed by Cardelli and 
Ghelli [5, 4, 6, 7] (and their co-workers). Their approach is based on first- 
order logic and fixpoint operators. An extension to numerical constraints 
has been proposed by Dal Zilio et al. [10]. Kupferman, Sattler and Vardi 
study a p-calculus with graded modalities where one can express, e.g., that 
a node has at least n successors satisfying a given property [19]. The num- 
bers n there, however, are hard-coded into the formula. Orderings on the 
successors is not considered. Klaedtke and Ruess consider automata on the 
unlabeled infinite binary tree, which have an accepting condition depending 
on a global Presburger constraint [18]. 

Our notion of tree automata with combined Presburger and regular con- 
straints has been introduced independently by Dal Zilio and Lugiez in [9]. 
In the latter paper, the authors also propose a modal logic for XML doc- 
uments, called Sheaves logic. This logic allows to reason about numerical 
properties of the contents of elements but still lacks recursion, i.e., fixpoint 
operators. On the automata side they obtain comparable results concern- 
ing closure properties, membership tests and decidability of emptiness. Al- 
though no precise characterization is given, the Sheaves logic is strictly less 
powerful than the automata model. Recently, Demri and Lugiez proposed 
the extended modal logic EXML, which uses regular and Presburger con- 
straints on the sequence of children (still without recursion) [11]. The logic 
EXML is shown to contain the Sheaves logic and to have an EXPSPACE 
satisfiability problem. 


2 Preliminaries on Presburger Logic 


Presburger logic is first-order logic with addition and the ordering relation 
over N. It can express various decision questions such as solvability of sys- 
tems of linear equations, integer programming, or verification questions. 
The decidability of Presburger logic was established by Presburger [33] by 
quantifier elimination. A doubly exponential non-deterministic lower bound 
was shown in [13]. Later, the precise complexity was shown to be LINA- 
TIME 2220 namely doubly exponential alternating time with a linear 
number of alternations, [1]. A long line of research was devoted to the 
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analysis of various decision procedures for this logic, based on quantifier 
elimination and automata. For instance, from a formula in prenex normal 
form one can construct automata of triply exponential size [17]. 

For complexity reasons it is quite common to consider either quantifier- 
free or existential Presburger formulas, since their satisfiability is in NP. 
Both use linear terms with integer coefficients, i.e., built according to the 
syntax (with x a variable which is interpreted over N): 


tz=O|1|ta|ti+te. 


Quantifier-free Presburger formulas are defined as the closure of atomic 
formulas of kind t = 0 and t = 0 (modd) (with t a term and d E€ Na 
constant) under the Boolean connectives. Existential Presburger formulas 
are defined as the closure of atomic formulas of kind t = 0 under the positive 
connectives V,/ and existential quantification. 

It is well known that each Presburger formula can be transformed into 
an equivalent quantifier-free formula [33]. In one more step, such a formula 
can be transformed into an existential formula in normal form, that is, 
into a formula of the form Jz1,..., £e Vz] Yi, where each disjunct ; is a 
conjunction of equations t = 0 with ¢ a linear term (with integer coefficients): 


Proposition 2.1. Every quantifier-free Presburger formula ọ has an equiv- 
alent formula in existential normal form. This formula has at most expo- 
nentially many disjuncts, each of at most linear size (in |p|). 


Proof. Let p be a quantifier-free Presburger formula. First we bring it 
into disjunctive normal form (DNF). Then we replace atomic and negated 
atomic formulas by equations, if necessary by introducing new existentially 
quantified variables. More precisely, 


e t <ccan be replaced by dy (t + 14+ y1 = 0), 


etAcby Jy(t+tyt+tl=cVt—y—-1=d), 


e t = c (modd) by Jy3(t — dyz = c V t+ dyz = c), and 
e t Æ c (modd) by 


ya, ys(t—dys—ys = 0 V t+dy4— y5 = 0)A (0 < ys <cVce< ys <d). 


The resulting formula needs not to be in DNF yet, but it is free of negations 
and can be easily transformed into existential normal form. Note first that 
the DNF is of exponential size, but each disjunct contains at most |p| atoms. 
After replacing the atoms by equations, each conjunction is transformed 
into DNF. The size of each resulting disjunct is still linear, and the overall 
number of disjuncts remains exponential. Q.E.D. 
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Remark 2.2. Satisfiability of existential Presburger formulas is easily seen 
to be NP-complete. The upper bound is obtained by assuming w.l.o.g. that 
such a formula is in prenex form J3z1,..., £k Y, with w a positive Boolean 
combination of equations t = 0, with t a linear term. It suffices to guess 
then a disjunct of the DNF of y, and test in NP whether a conjunction of 
such equations is satisfiable. 


Given a formula y and an assignment o mapping the variables of y to 
numbers, we write o — y if y holds for ø (in the obvious sense) and call 
a a solution of vy. It is well known that the set of solutions of any given 
Presburger formula is a semi-linear set [14]. A semi-linear set is a finite 
union of linear sets, i.e., sets of the form {2 + 5°", xipi | x; E N}, where Z 
and the p; are vectors from N* for a given k. 

The Parikh image of a word w € %* is the assignment o € N? with 
o(a) being the number of occurrences of the letter a in w, for each a € ÈX. 
Accordingly, the Parikh image of a set L C &* is the set of Parikh images 
of we L. 

Given the alphabet ©, 7 (£) stands for the set of ordered, unranked trees 
over ©. A tree t € T(X) with root label a and subtrees t,...,t, will be 
denoted as t = a(ty,...,tn)- 


3 Unordered Presburger Tree Automata 


In this section we start with tree automata and logics that are unordered, 
i.e., they consider only the vertical parent-child order, but not the order 
between siblings. Technically speaking, we work on unordered trees, as 
considered for instance in [2, 10, 4, 5]. 

Given a finite set Q, we shall consider a canonical set Yo of variables 
which are associated with the elements in Q. So, we define: 


Yo = {#¢|@€ Q}. 


An unordered Presburger tree automaton (u-PTA for short) is given by a 
tuple A = (Q, £, 6, F`) where: 


e Q is a finite set of states, 
e F C Q is the subset of accepting states, 
e > is the finite alphabet of tree labels, and 


e 5 maps pairs (q,a) of states and labels to quantifier-free Presburger 
formulas with variables only from the set Yo. 


Informally, u-PTA are bottom-up tree automata, with transitions controlled 
by quantifier-free Presburger formulas. A formula y = 6(q, a) represents the 
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pre-condition on the children of a node labeled by a for the transition into 
state q, where the value of the variable #p represents the number of children 
that are in state p. Formally, we introduce a satisfaction relation t HA q 
between trees t € T(X) and states q which is defined as follows. Assume 
that t = a(t1,...,tn), where a is the the label of the root, and t1,...,t, are 
the subtrees of the root, and let 6(q,a) = y. Then t =a q if {1,...,n} can 
be partitioned into |Q| subsets J, of cardinalities np (p € Q), such that: 


e ti Ha p for all i € Ip, 


e {#pr n | pE Q}E g. 


The language L(A) of trees which are accepted by A is 


L(A) = {tE TŒ) |I f EF:t Ha f}. 


As an example, consider the language of trees with labels in {a,b}, such 
that the internal nodes are all labeled by a and have at most as many 
subtrees with a b-leaf as ones without. A u-PTA for this language has 
two states, say go and qı, where state qo means that there is no b-leaf in 
the subtree, and state qı the converse. The transition relation is defined 
by 6(qo,a) = (#q1 = 0), 6(qo, 6) = false, 6(q1,a) = (#q0 > #q1 > 0) and 
6(q1,) = leaf. Here, we use the Presburger constraint leaf = ()7j_9 1 #4 = 
0), which is satisfied precisely at leaf nodes. 

Note that u-PTA are defined as non-deterministic automata. A u-PTA 
A = (Q,%,6,F) is called deterministic if for every a € X and every tuple 
(Np)peg E N®, there is at most one state q € Q such that 


{#p = ny |p E€ Q} F ôlq, a). 


Remark 3.1. It is not too hard to verify whether a given u-PTA is deter- 
ministic. The precise complexity is NP-complete, since it amounts to check 
the satisfiability of quantifier-free Presburger formulas. The lower bound 
can be obtained by an obvious reduction from Integer Linear Programming 
(ILP). 


3.1 Closure and decidability results 
The results of this section show that u-PTA enjoy several desirable proper- 
ties, such as determinization and reasonable complexity. 


Theorem 3.2. The non-emptiness problem for u-PTA is NP-complete. 


Proof. Consider a u-PTA A = (Q,£,ô,F). Let us call a state q € Q 
reachable iff there is a tree t with t =, q. The algorithm guesses some final 
state q € F, and checks that q is reachable. To this end, the algorithm 
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guesses some k < |Q| and a sequence q1,...,qk of states with qk = q, and 
checks that, for each 1 < j < k, the following formula is satisfiable: 


N #p=0)a (V 5q,0)). 


PEQ\{ali<i} 


Since each check can be done non-deterministically in polynomial time, the 
overall complexity is NP. Moreover, NP-hardness is again an immediate 
consequence of ILP, thus we conclude that non-emptiness of u-PTA is NP- 
complete. Q.E.D. 


We show next that u-PTA are effectively closed under the Boolean op- 
erations (union, intersection and complement). In particular, we give a 
determinization construction for u-PTA. 


Theorem 3.3. u-PTA are effectively closed under the Boolean operations 
and under renaming?. 


Proof. Closure under union and renaming is immediate. For intersection, 
assume that we are given automata A; = (Qi, £, ôi, Fi), i = 1,2. W.l.o.g. we 
assume that Qı N Q2 = Ø. We proceed analogously to the standard con- 
struction of the product automaton for ordinary automata. Thus, we define 
the automaton A = (Q, £, ô, F) as follows. We set Q = Q1 x Q2, F = Fix F> 
and define ô((q1,q2)},a) by the formula below, where 6, and ô2, resp., are 
obtained from 41, 42, resp., by replacing all variables #p by £p (p E Q1UQz2): 


J 2m: J zp. Alga) Ad2(q2,a) A 


PicQi p2€Qo 
( A 5 # (P1, p2) = se) ^ ( TAN X # (p1, p2) = e) : 
P1CQi P2EQ2 p2€Q2 p1ıEQı 


In addition, we use above the notation J, crti for some index set I, to 
denote the existential quantification over all variables x; (i € I). This is 
done for convenience only, since the above formula can be rewritten directly 
as a quantifier-free Presburger formula. It is easy to see that t =4 (q1, q2) 
iff t Ha, qı and t Fy, q2. Thus, L(A) = £(A1) N L(A2), which completes 
the proof. 

For closure under complement it suffices to know that u-PTA can be 
determinized, which is shown in the proposition below. Q.E.D. 


Proposition 3.4. For every u-PTA A, a deterministic u-PTA A’ can be 
constructed such that L(A) = L(A’). 


2 A renaming is a letter-to-letter morphism. 
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Proof. The proof idea is similar to the power set construction for ordinary 
finite automata. Let A = (Q,»,0, F) and A’ = (Q’, 5,0’, F"), where Q’ = 
22 and F” ={BCQ|FOBF Ø}. For each B C Q, 6'(B,a) is a formula 
with free variables from Yọ. It is given by: 


(Aveo) (A, aa): 


qEQ\B 


Here, the formula pq, ,a should be true iff q is a potential successor state. In 
order to specify Yq,a, we refer to the auxiliary variables x, (p € Q), and also 
to auxiliary variables xg») (B C Q, p € B). The variable £z;g p) is meant 
to count all those children resulting in the state set B in A’, for which we 
choose state p € B w.r.t. the A-run. Using these auxiliary variables, 74 q is 
defined below, with lq, a) as the formula 6(q, a) where each variable #p is 
replaced by zp: 


Jq Tp. Jq T/B ,p) - ô(q,a) \ 
pEQ pEBCQ 


( A Da U(B,p) = #B) ^ (A 5 TIB p) = tr) . 


BOQ pEB PEQ pEBCQ 


The transitions of the subset automaton can be transformed into quantifier- 
free formulas by quantifier elimination. Q.E.D. 


As a corollary of Proposition 3.4, we also obtain: 
Corollary 3.5. The universality problem for u-PTA is decidable. 


The complexity upper bound for the universality problem that follows from 
Proposition 3.4 is 2-NEXPTIME. Note first that the transition formulas 
6’(B, a) can be written as IzYy Y(z, Y), with y quantifier-free. Using quan- 
tifier elimination we can first make Vy Y(z,ŅJ) quantifier-free, then rewrite 
6’(B,a) as an existential Presburger formula. The first step is exponential 
in the size of the universal quantifier block (see, e.g., [17]), hence we obtain 
an existential formula of doubly exponential size, for which satisfiability can 
be checked in 2. NEXPTIME. 


Proposition 3.6. The combined complexity of u-PTA Model Checking is 
NP-complete. If the u-PTA is deterministic, the complexity is polynomial 
time. The data complexity is linear in the size of the input tree. 


Proof. Assume we are given a u-PTA A and a tree t. We guess for each 
node of ¢ a state of A, and then check that the run is accepting: For each 
node we compute the Parikh image of the children states (note the entries 
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have values < |t|). Then we need to check that the Presburger formulas are 
locally satisfied, for each node. Thus, the evaluation of all formulas at a 
node requires time O(|A|- |t|) (using numbers in unary representation). 

NP-hardness follows by a reduction from 0-1 ILP, where we ask whether 
a system S of linear equations AZ = b has a 0-1 solution, that is, one 
with z € {0,1}”. Given A and b, we define a u-PTA with state space 
{p1,..-, Pm; P, f}, final state f and transition relation ô(p,a) = ô(pi,a) = 
leaf for all 7, and 6(f,c) = (p A #f = 0), where ọ is the conjunction of 
all equations in S$ (with x; replaced by #p;) and of 0 < #p; < 1 for all i. 
Clearly, the tree t of depth 1 with root labeled c and m leaves labeled a 
satisfies t =, f iff S has a 0-1 solution. 

If A is deterministic, then the tree can be evaluated in a bottom-up 
traversal in time O(|t| - |A|). The data complexity follows immediately, 
using Proposition 3.4. Q.E.D. 


3.2 Unordered Presburger logic 


Unordered Presburger MSO logic (u-PMSO for short) is defined by extend- 
ing monadic second-order logic (MSO) with Presburger predicates over the 
children of a node. As for u-PTA, the logic does not provide an order- 
ing relation on siblings. A u-PMSO formula y is given by the following 
grammar: 


p ==  yeLab, | y €Y | Child(y,y’) | y/y | 
gidge | =v | dy.y | 3Y. ọ 

Y I = ti = te | y1 A to | wi V we | Ix. yı 

p nS 0| 1| +a | ti tte | #Y 


where a € ©, y,y’ are first-order variables, Y is a second-order variable, and 
x is from a designated set of Presburger variables. The predicates y € Laba 
and Child(y, y’) are interpreted as usual, i.e. y is labeled by a, resp. y’ is 
a child of y. The formula w in y/w is a quantifier-free Presburger formula. 
The interpretation of y/y is that the children of y satisfy the Presburger 
constraint 7. A term #Y inside w is interpreted as the number of those 
children which are contained in Y. As usual, we write t = y, if t satisfies 
the (closed) u-PMSO formula g. 


Remark 3.7. We also allow derived predicates such as equality between 
variables such as yı = y2, or Yı = Yo, or equations Y = {yı}. Note that 
the child predicate Child(y, y’) is redundant, since it can be expressed as: 


JY. (Y = {y} A y/(#Y = 1)). 


A tree language L C T (£) is u-PMSO-definable if there is a closed formula 
y such that L= {t | t H yo}. 
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Theorem 3.8 below states that u-PMSO-definable languages are precisely 
characterized by unordered Presburger tree automata. The proof is anal- 
ogous to the corresponding result for ordinary tree automata (over ranked 
trees) [38], and uses in particular Theorem 3.3. 


Theorem 3.8. A set of unranked trees is accepted by some u-PTA if and 
only if it is definable in u-PMSO. 


4 Regular expressions and Presburger formulas 


The automata considered in the next section, as well as the associated logics, 
use pre-conditions on the children of a node in form of Boolean combina- 
tions of regular expressions and Presburger formulas. A basic question is 
then the satisfiability of such conditions. Since the Parikh image of a reg- 
ular language (and even context-free language, [32]) is semilinear, deciding 
emptiness can be reduced to computing the Parikh image of the regular 
expressions involved. 

In [36] we showed that even for an NFA, an existential Presburger for- 
mula which describes the Parikh image of the corresponding language can 
be computed in linear time. Later, this result was extended to context-free 
grammars in [39] (see also [12] for a related approach). 


Theorem 4.1 (Verma-Seidl-Schwentick, [39]). Given a context-free gram- 
mar G, an existential Presburger formula for the Parikh image of L(G) can 
be computed in linear time. 


A Presburger regular expression over © is a Boolean combination of regu- 
lar expressions over X and quantifier-free Presburger formulas with variables 
only from the canonical set Ys = {#a |a € X}. 

Given a string w € * and a Presburger regular expression y we define 
in the obvious way whether w matches y (denoted as w  y). For example, 
if y = a(a+ b)* A (#a = #5), then w = y iff w contains only a’s and b’s, 
begins with an a and contains as many a’s as b’s. A Presburger regular 
expression ¢ is satisfiable if there exists some w with w — y. Before we 
show how to decide satisfiability for such expressions, we need the following 
property: 


Proposition 4.2. Let A be a (non-deterministic) finite word automaton 
with n states and input alphabet of size k. Then the Parikh image of L(A) 
is a union of linear sets {2 + S7)", i pi | xi € N} where each component 
of each vector Z, pj € N* is at most n. 

In particular, if the size of the alphabet is k, then the number m of 
occurring vectors is at most (n + 1)*. 


Proof. The proof is based on the following simple observation: any (accept- 
ing) path of A can be decomposed successively into loops of length at most 
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n, and one (accepting) path of length at most n. Thus, we define each set 
of vectors Z, p; € N* by associating ¢ with an accepting path Ao of length at 
most n and each p; with a loop A; of length at most n, in such a way that 
the A;, 0 < j < m, can be combined to a (accepting) path in A. Specifically, 
it suffices to fix for each j the set of states that occur in Aj in such a way 
that Uj_Aj is connected. Q.E.D. 


Proposition 4.3. The satisfiability problem for Presburger regular expres- 
sions is PSPACE-complete. 


Proof. The lower bound is immediate, since it is already PSPACE-hard to 
decide whether a given set of regular expressions has a non-empty intersec- 
tion or whether the complement of a single regular expression is non-empty 
[37]. 

For the upper bound let y be a Presburger regular expression of size n. 
First of all, we can assume w.l.o.g. that negations are used only as linear or 
modular inequations, or in form of negated regular expressions. The given 
expression y is satisfiable iff some of the disjuncts in the DNF of y is so. We 
can guess such a disjunct w in linear time. The formula is a conjunction of 
regular expressions, negated regular expressions, linear (in)equations t = 0, 
t £0 and modular (in)equations t = 0 (mod d), t # 0 (mod d). 

We first show that ~ is satisfiable iff there exists some word w of ex- 
ponential length with w = w. Since the regular expressions in w all occur 
in y, the sum of their sizes is at most n. The minimal automaton of each 
such (possibly negated) regular expression e (resp., =e) is of size 2!¢!, hence 
the minimal automaton Ay of the intersection of all positive and negated 
regular expressions is of size 2” . 

By Proposition 4.2, the Parikh image of £(A,,) is a union of linear sets 
{e+ ya aipi | zi € N}, where h = O(2™!12l) = O(2”") (as [Z| < n) and 
the entries of the vectors Z, p; are at most O(2”). 

Now, a word w € X* satisfies w iff its Parikh image is in one of these 
linear sets and additionally fulfills the remaining (Presburger) constraints. 
This can be expressed by adding, for each a € X, the following equation: 


h 
#a = c(a) + DE - pila). 


Let m be the number of Presburger constraints in Y. By Proposition 2.1, 
the conjunction of these constraints is equivalent to a formula in existential 
normal form, with disjuncts of size O(m). Thus, one has to check whether 
the Parikh image of w satisfies a system of M = O(m) + |E| < O(n) 
equations with at most N = |X| + O(m + 2") = O(n+2”’) variables, and 
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coefficients of values bounded by k = 2”. By a result of Papadimitriou [31] 
such a system has a solution with numbers bounded by 


N - (M - k +1)?™ t = (O(n +2") (O(n) 2" + 1M = 20), 


This shows that if some w |= vy exists, then there is some with length 207°), 

It remains to describe how to check the existence of w as above. We 
simply guess w symbol by symbol. For each regular expression e or ~e in Y, 
we compute the set of states that can be reached in the non-deterministic 
automaton A, for e when reading w. Further, for each a € X we count how 
often a occurs in w. All this can be done in polynomial space without storing 
w. A counter keeps track of the length of w. In the end, it can be checked 
whether the Parikh image of w satisfies all Presburger constraints. Q.E.D. 


As Presburger regular expressions are closed under negation we immediately 
conclude that also universality is PSPACE-complete. 


5 Presburger tree automata 


In many applications, e.g., where documents are automatically generated 
from databases as textual representations of querying results, the element 
ordering on the children does not matter. In other applications, though, 
which are more related to classical document processing, this ordering is 
crucial. In this section, we extend our framework to automata and logics 
that take the sibling order into account. Naturally, we use then Presburger 
regular expressions as pre-conditions on children sequences. 

We define a Presburger tree automaton for unranked trees (PTA for 
short) as a tuple A = (Q, £, 6, F’) where: 


e Q is a finite set of states; 
e F C Q is the subset of accepting states; 


e 5 maps pairs (q,a) of states and labels from © to Presburger regular 
expressions over Q. 


Accordingly, we introduce an extended satisfaction relation between trees t 
and states q by defining for t = a(t, ...t;) and 6(q,a) = ọ, t Ha q iff there 
are states p1,...,pr E Q such that t; |a p; for all j and pı -++ pı Fy. The 
language L(A) C T(£) which is accepted by the automaton A is given by: 


L(A) = {te T(D) | Affe F:tKy, f}. 


A PTA A is called deterministic if for all a € X and all w € Q*, we have 
w = ô(q,a) for at most one q E€ Q. 
Using Proposition 4.3, we obtain with a similar proof as for Theorem 3.2: 
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Theorem 5.1. The emptiness problem for PTA is PSPACE-complete. 
Next we turn to the complexity of such automata. 


Theorem 5.2. 1. The combined complexity of PTA Model Checking is 
NP-complete. If the PTA A is deterministic, it is O(n - |A|), where n 
is the size of the input tree. 


2. The data complexity of PTA is polynomial, O(n**+1). The degree k 
of the polynomial is the number of states of the PTA. 


Proof. Let A be a PTA with state set Q and t a tree. A non-deterministic 
algorithm guesses a run of A on t and checks the consistency at each node. 
Each consistency check amounts (1) to testing membership of a string w € 
Q* of size |t| for at most |A| many regular languages, represented by regular 
expressions (possibly negated), and (2) to evaluating at most |A| (quantifier- 
free) Presburger formulas on its Parikh image. All these checks can be done 
deterministically, in time O(|t| - |A|). If A is deterministic, we perform the 
computation bottom-up deterministically. The NP lower bound for non- 
deterministic PTA follows already from the u-PTA case. 

Towards (2.), suppose now that the PTA A is fixed and let Q be its set 
of states. We perform a bottom-up traversal of the input tree t, computing 
for each subtree t’ the set of states R = {p | t’ Ha p} C Q. Assume that 
t = a(ti,...,tm) and R; = {p | t; H p} have been already computed. 
Moreover, we can suppose that the Presburger regular expressions used in 
A are disjunctions of conjuncts e; A m; where for each e; a deterministic 
automaton 6; is given, and each 7; is a Presburger formula. Then we may 
check for each e; A 7; separately whether it is verified by t1,...,tm. 

To this end, let us now consider one conjunct e A 7, where the language 
of e is described by the finite automaton 6 with set of states P. Let the 
sets V(i,s),0 <i <m, s E€ P, contain all assignments v : Yo —> {0,...,i} 
verifying the following condition: there exists a sequence of states a = 
ry-++r;, with r; € Rj for j = 1,...,2 and with Parikh image v, such that 
state s can be reached from an initial state of B by reading a. Finally, let 
V be the union of all sets V(m, f) where f is a final state of B. Once V is 
computed, it simply remains to check whether v = a for some v € V. Thus, 
assuming that the automaton A is of constant size, we spend O((m-+1)!@!) 
time on the computation of the set of all successor states at the root of 
t. Hence we can conclude that the overall runtime on a tree of size n is 
O(n'@l+1), Q.E.D. 


PTA do not share the pleasant properties with u-PTA. In particular, it is a 
direct consequence of the following result that there is no determinization 
algorithm for PTA. 
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Theorem 5.3. The universality problem for PTA is undecidable. 


Proof. The proof is a reduction from the accepting problem for 2-counter 
Minsky machines [23]. Given such an automaton A with state set Q we 
construct a PTA B such that A does not accept the empty input if and only 
if B accepts all trees over the alphabet QU{#, $,a, b}. In the construction we 
shall concentrate on trees of depth 1 with frontier (i.e., leaf labels read from 
left to right) from Qa*b*(#Qa*b*)*. The root is labeled by $. It is easy to 
construct a tree automaton (without Presburger constraints) which accepts 
all trees that are not of this special form. The union of this automaton with 
the automaton B’ to be constructed in the remainder of the proof will be 
the automaton $ we are looking for. 

The PTA 86’ checks whether the frontier does not encode an accepting 
computation of the counter automaton A. Here, a configuration of A with 
state q and counter contents nı and nz, respectively, is encoded by the 
string ga"'b"? and configurations are separated by #. The automaton Bb’ 
checks whether one of the following cases arises: 


e the frontier does not start with qo#, where qo is the initial state of A, 
or 


e the frontier does not end with a string of the form #qa*b*, where q is 
an accepting state of A, or 


e there are two successive configurations that are not consistent with 
the transition function of A. 


We only describe how the latter case can be checked, as the first two 
cases are straightforward. The idea is that B’ simply marks two consecutive 
configurations. A regular constraint can check that two such configurations 
are correctly marked, whereas a Presburger constraint ensures that the two 
configurations are indeed inconsistent with the transition function of A. 

Formally, the state set of B’ equals Q U {#,a,a’,b,b’,?}. On each leaf 
the automaton can enter state ?. Further, it can enter state # on all leaves 
labeled #, and state q on all leaves with label q € Q. For leaves with label 
a (b, resp.) it can also enter state a or a’ (b or b’, resp.) The automaton B’ 
enters an accepting state at the root if both conditions below hold: 


e the states on the frontier form the sequence ?*#qa*b* #q/ a!" b!* ##2* 
with q,q' € Q, and 


e the numbers of occurrences of a, b, a’, b’ are not consistent with respect 
to q, q' and the transition function of A. 


The first condition above is simply a regular constraint. The second 
one can be expressed by a conjunction of Presburger constraints, over all 
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possible transitions of A leading from state q to state q’. For instance, 
for a transition that increases the first counter and leaves the second one 
unchanged, the Presburger constraint requires that either the number of a’ 
is not equal to the number of a plus 1, or the numbers of b and b’ are not 
equal. Q.E.D. 


5.1 Presburger MSO logic 


Unordered Presburger MSO logic as defined in Section 3.2 is readily ex- 
tended to take into account the sibling order, by adding the atomic predicate 
Next(y, y’), with the meaning that y’ is a right sibling of y. We denote this 
logic as PMSO. We now characterize Presburger tree automata by means 
of existential PMSO logic. 


Theorem 5.4. A set of unranked trees is accepted by a PTA if and only 
if it can be described by a PMSO formula of the form 4X, ...4X,.y where 
y contains no second-order quantifier. 


Proof. Let Abe a PTA with state set Q and transition relation 6. Without 
loss of generality we can assume that all Presburger regular expressions used 
in ô are disjunctions of expressions e; ^ m;i, where e; is a regular expression 
over Q, and 7; is a quantifier-free Presburger formula. Furthermore, let, for 
each i, a finite automaton B; for £(e;) be given. From Biichi’s Theorem it 
follows that each automaton 6; is equivalent to an existential MSO formula 
Ww, = dY,...5Y;.y;. Hence, we can construct a formula Y = 4X1--- dX. 
in which some of the variables X; are used to encode the states rae A 
assumes and the remaining variables are those of the formulas ~#;. The 
first-order part y of w describes the consistency of the states between nodes 
of the input tree and their children, and uses the formulas ;. 

For the converse we show first that every PMSO formula 7 containing 
no second-order quantifier can be evaluated by a deterministic PTA. The 
result is then immediate as a non-deterministic automaton can guess, for 
each node, those sets of X1,...,X, in which the node is contained. The 
proof proceeds by induction on the structure of Ww. The only case which is 
not entirely straightforward is the case of a formula w = Jz. y(x). Let, by 
induction, A be an automaton over the alphabet © U (= x {x}) for y(x). 
Le., A accepts all trees t which have exactly one node v with a symbol (a, x) 
from © x {x} such that y holds on t, if x is bound to v and the label of v 
is replaced by a. 

Let Q be the set of states of A. We construct a deterministic PTA A’ 
for ~ as follows. The state set of A’ is Q x 2°. The intuitive meaning 
of a state (q, X) at a node v is the following. First, if x does not occur 
in the subtree rooted at v, then A assumes state q at v. Second, X is 
the set of states A can take if for one node of the subtree at v its label 
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a is replaced by (a,x). We explain how the transitions of A’ are defined. 
The mapping 6’((q, X),a) is described by a Presburger regular expression 
€q,a \ €X,a, Where €q,q is obtained from ô(q, a) by replacing each occurrence 
of a state r € Q in a regular expression by Ugcg(r, 5) and each occurrence 
of #r in a Presburger formula by ` sco #(7, S$). The Presburger regular 
expression €x,q is of the form Apex (€p,a V €p,a) ^ Apex “(eha V &,a). Here, 
ela expresses that A takes state p at v if the label of v is (a,x). Likewise, 
ep,a expresses that A takes state p at v (labeled by a) if the label b of some 
node below v is replaced by (b,x). The expression ef, is obtained from 
ô(p, (a, £)) in an analogous fashion as e,,, was obtained from ô(q, a). 

It remains to describe the construction of e2. The expression e? , is 
obtained as a disjunction Vreg Vresco ô(p, a)r,’ s. Here, for each choice 
of SC Q, r € Q and r’ € S, the Presburger regular expression d(p, @),,,/,g is 
satisfied by a sequence (q1, 81) ++: (qm, Sm), qi E Q, Si C Q, iff there is some 
i < m with q =r, Si = S and 6(p,a) is satisfied by q1- q@i-17’Gi41 °° + qm- 

The expression (p, a),,r7,9 is defined by replacing in (p,a) each regular 
expression e by err s, and each Presburger formula m by mr r,s. We get 
Trg as the conjunction of #(r,S) > 0 and the formula which is obtained 
from 7 by replacing #q, for each q € Q with 


© X #(a,9), ifad{rr}orq=r=r, 


S’CQ 

e oe #(q,5")) — 1, if q= r and r £ r’, and 
S’'CQ 

© (X HGS") +1, ifq=r! andr Zr’. 
S'CQ 


The language L of a regular expression er g is given as: 


L = {(q1, $1) +++ (qm, Sm) | dt : (qi, Si) = (r, S} A 
qi -+e G19’ qit1+++ Gn € Le). 


Q.E.D. 


Theorem 5.4 shows that existential PMSO logic is decidable. On the other 
hand we immediately obtain from Theorem 5.3: 


Corollary 5.5. Satisfiability of PMSO formulas is undecidable. 


6 Mixed automata 


In the previous section we have seen that in general we cannot expect de- 
cidability for all PMSO. Instead, we can restrict ourselves to automata and 
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logics that work in a mized mode, either pure regular or pure Presburger, 
depending on the tag. Formally, we work on mixed trees, where the label 
of a node tells whether the ordering of its children matters or not. Recall 
from the introduction that this restriction naturally reflects a division of 
documents into parts which are made up from data records whose orderings 
are irrelevant and formatting parts where the ordering is significant. This 
classification is formalized by partitioning the finite alphabet X into subsets 
X = Xo +, where Np and X}; consist of all labels of nodes with unordered 
and ordered children, respectively. Mixed trees in our sense correspond to 
terms with one associative symbol (for accumulating the ordered contents) 
and one associative and commutative symbol (for accumulating multi-sets). 
Languages of such trees, e.g., have been studied by Lugiez [20, 21] and 
Ohsaki [29, 30]. Note, however, that our formalism is slightly more specific 
as we rule out sequences of trees where unordered sections occur dispersed 
between ordered ones. Instead, the significance of order is already deter- 
mined by the label of the parent node. 

Mixed Presburger tree automata now subsume the ability of unordered 
Presburger automata to check Presburger formulas, as well as the ability 
of hedge automata to check containment in a regular set. Formally, ô(q, a) 
is a quantifier-free Presburger formula if a € Uo, respectively a regular 
expression if a € X4. We call such an automaton a mired PTA. Similarly to 
Theorem 3.2, we obtain: 


Corollary 6.1. The emptiness problem for mixed PTA is NP-complete. 


It turns out that the family of languages accepted by mixed PTA enjoys the 
same good closure properties as u-PTA. The proof of the theorem below 
follows the lines of Proposition 3.4 and is omitted: 


Theorem 6.2. Mixed PTA are effectively closed under the Boolean opera- 
tions. In particular, for every mixed PTA an equivalent deterministic mixed 
PTA can be constructed. 


As for unordered and general PTA, respectively, we succeed to give a logical 
characterization of our automata model also in the mixed case. For that we 
use mixed PMSO logic, in which Presburger (regular, resp.) constraints can 
be applied only to the children of a node labeled with some element from Xo 
(£1, resp.). We therefore speak here of mized PMSO-definable languages 
and queries. More formally, in a mixed PMSO-formula an atom Next(y, y’) 
is allowed in a subformula y occurring in a context Child(a, y)Ay € Laba ^g, 
where a € 4. Likewise a formula y/7 is allowed in a subformula ọ occurring 
in a context y E€ Laba A y, where a € No. Mixed PMSO-definable queries 
are what we have considered in the introduction, by considering, e.g., that 
the label music belongs to Ug. We obtain: 
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Theorem 6.3. A set of unranked trees is accepted by some mixed PTA iff 
it is mixed PMSO-definable. 


We conclude that satisfiability of mixed PMSO-logic is decidable. 


7 Presburger fixpoint logic 


As an alternative to monadic second-order logic, we consider in this section 
the extension of fixpoint logics with regular and Presburger constraints on 
children of nodes. Our fixpoint formulas y are thus constructed according 
to the following grammar: 


pru= T|a| pry 
| ei V p2 | pi Ave 
| a(F) | *(F) 
Fon= elm. 


Here, “x” denotes an arbitrary node label, and F denotes a generic pre- 
condition on the children of a node. Such a pre-condition is either a regular 
expression e over letters p, possibly negated, or a quantifier-free Presburger 
formula m with free variables #y, denoting the number of children satisfying 
y (with y a fixpoint formula). 

In the following, we assume throughout that y is a formula where all 
bound variables are distinct. Let ® denote the set of all subformulas of y. 
We consider assertions t : Y, with t € T(X),w € ®. We write F t : w either 
if Yy = T (every tree satisfies T) or if the assertion t : w can be derived from 
valid assertions by means of the following rules: 


t:w Lewe® tey uxrypEP 
tor t: yxp 
t: pı t: pe t: pi 
t: pire t: pı VY 
u: F u: F 
alu) : a(F) alu) : *(F’) 


Thus, besides assertions t : wv, t € T(X), we additionally need auxiliary 
assertions u : F where u is a sequence of trees and F is either a regular 
expression or a Presburger formula. A sequence u = ¢1,...,t, satisfies a 
regular pre-condition e iff there are formulas y,...,~, such that t; : Yi 
and the sequence of formulas 41 ---w, is contained in the regular language 
L(e) described by e. In case of a Presburger formula r, we first collect for 
every formula 7 occurring in m the number ny of children t; satisfying Y. 
Then u satisfies 7 iff the resulting assignment o = {#W => ny | Y E€ ®} 
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satisfies o E a. Thus we have the rules: 


ti : pi (@=1,...,k) pi- Up E Lle) 


Eis is tpa € 
ohr where o(#4)= Hilti: y} 
RNE LRT 


Note that according to this rule for Presburger formulas, the same tree t; 
may be counted several times, once for every Y such that t; : w. 

A proof of an assertion t : w consists of all rule applications to derive 
this assertion. In particular this means for t = a(t,,...,t,) and w = alr), 
am a Presburger formula, that a proof of t : p contains for every i = 1,..., k, 
and every Y’ occurring in m a subproof of H t; : p'—whenever it exists. 
Moreover, we silently assume that a proof always has tree-like structure. 
Thus, we may have several copies of a subproof for distinct occurrences of 
the same subtree within t. 

Finally, the language denoted by the formula ọ is given by: 


L(y) = {te T(d) |b t: p}. 


In particular, £(T) = T(%) and L(ux.x£x) = Ø. Using the convenient 
abbreviation “” for T*, i.e., an arbitrary sequence of trees, we may write 
pa. (a(_)V*(_ x _)) for the set of all trees with at least one inner node labeled 
a. Note that our fixpoint expressions do not provide an explicit notion 
of negation. However, we always can construct an equivalent expression 
with guarded fixpoints (see, e.g., [34]). The free variable x occurs only 
guarded inside the formula y if x occurs as a free variable only within 
the scope of elements a or *. The variable x, for example, occurs only 
guarded inside the formula a(_ x -} V y while y does not. It turns out that 
guarded fixpoints are unique. More precisely, if x occurs only guarded in 
p, then uz. is semantically equivalent to vx.y. Once greatest fixpoints 
are available, complementation is easy since then we can push negations 
inward. For example, we have: t : =(ux. p(x)) iff t : vx. ap(a2). 

In the subsequent proofs we shall use the following notion. For a subset 
B C © of subformulas of y, define the closure cl(B) as the least superset 
B' of B such that: 


e TEB; 
e If pı € B’ and y2 € B’ then also 1 A p2 € B’, whenever p1 A p2 € Ọ; 
e If yı € B’ or p2 € B’ then also yi V p2 € B', whenever g1 V y2 € ®; 


e If y’ € B' then uz.’ € B’ and x € B’, whenever u g.p’ € ©. 
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Intuitively, the closure of a set B of subformulas contains precisely the 
subformulas which are implied by the formulas in B through the proof rules 
for fixpoint formulas. In particular, consider a given fixpoint formula, a tree 
t and let B be the set of all subformulas ~ of type a(F’) and *(F’) with t : w. 
Then, cl(B) is the set of all subformulas ~ with t: w. 


Theorem 7.1. A set of trees is accepted by some deterministic PTA if and 
only if it satisfies some Presburger fixpoint formula. 


Proof. Let p be a Presburger fixpoint formula. We assume for simplicity 
that all regular expressions in y are unnegated. We construct a PTA A as 
follows. Let © denote the set of all subformulas of y of the form al F} or 
«(F'). The set Q of states of A is given as the set of all subsets B C UV. The 
set T of accepting states consists of all subsets B such that y € cl(B), i.e., 
whose closure contains the initial formula y. 

Given a state B € Q and a € &, we determine the pre-condition 6(B, a) 
as 


6(B,a) = Aves AW, a) ^ Nyeng AW, 4) 


where: = 
A(a{F),a) = F 
A(x(F),a) = F 
A(b(F),a) = false ifa #b 


where F is constructed as follows. For a regular expression e, we obtain ē 
from e by substituting Bı +---+ Bm for every occurrence of a formula w 
if {B1,..., Bm} is the set of all states B such that w € cl(B). For a Pres- 
burger formula v, let 7 be obtained from a by substituting Èy EcI(B) #B 
for every occurrence of the free variable #w’. By construction, the resulting 
automaton is deterministic. We show for trees t,t,,..., tx: 


(1) t Ha Biff cl(B) ={we@|Ft: Y}; 


(2) F ti,... tp: e iff ti Ey Bi, 1 <i <k, such that B,---B, € L(8); 


(3) F ti,...,tp : T iff ti Ey Bi, 1 <i < k, such that the Parikh image of 
Bı - -- Bg satisfies 7. 


In particular, item (1) above implies that L(y) = L(A). 

The three claims above are shown inductively. Items (2) and (3) above 
are immediate for k = 0. For k > 0 they follow from the definition of e and 
7, together with item (1). Suppose now that t = a(tı,..., tk), k > 0. Then 
t =a B iff ti Ha Bi for some B;, 1 <i < k, such that: 


e Bı- -- By € LE) iff ale) or *(e) is in B, 
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e the Parikh image of B,--- Bp satisfies 7 iff a(r) or *(m) is in B. 


By induction, cl(B;) = {w | F t; : y} for all i. Using items (2) and (3) we 
infer that a(F) or *(F) is in B iff F t),...,t, : F, for all pre-conditions F. 
By the definition of cl(B) this is equivalent to cl(B) = {4 |F t: p}. 

For the converse, consider a deterministic PTA A = (Q, £, ô, F). W.l.o.g. 
we may assume that every pre-condition is a disjunction of conjunctions of 
regular expressions and Presburger formulas. We introduce one variable x, 
for every state q € Q. For these variables, we construct an equation system 
Sa: 

Tq = 4, GEQ 


where the right-hand sides are defined as fixpoint expressions, but without 
allowing the u operator. The semantics of such equation systems is an 
extension of the semantics for fixpoint expressions. The only addition is the 
rule: 

tnp 

t:r 


for every equation x = y. Thus, whenever a tree satisfies the right-hand 
side of an equation, then it also satisfies the variable to the left. The right- 
hand side yq for xq in the equation system S4 is constructed from 6(q, a), 
a € }, by: 

pa = V [6(4,@)la 


aex 


where the transformation [.], takes a pre-condition and returns a fixpoint 
expression (without fixpoints) as follows: 


[ela = ale{qr tq | ge Q}), 
[Ta = te q> H EX g | qE QJ), 
[pi V Yala = [pila V [p2]a, 

lpi ^ pla = [PilaA [Pela 


Thus, a regular expression over states q is transformed by first substituting 
the states by the corresponding variables and then putting a node a on 
top. A Presburger formula is transformed by first replacing the variables 
#q with #2 ,, and again putting a node a on top, whereas conjunctions 
and disjunctions are transformed recursively. By induction on the depth of 
terms t,t1,...,t, we prove for every q E€ Q, a € X and right-hand side y: 


(1) tHaq iff Ft: a; 


(2) ti Ha qi forl<i<k,withga:---q Fy iff - a(t,...,te): [pla 
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The first claim then proves the correctness of the construction. 

For the proof of the claims let us first assume that t; H4 qi for all i, 
and qi--- qn H p. We verify that for every a € ©, a(ti,...,tk) : [pla where, 
by inductive hypothesis, we may assume that F t; : £q, for all i. If p =e 
is a regular expression, then by assumption, qi--- qx E€ L(e). By definition, 
[pla = ale{q > xq |q E Q}). Therefore, xg, --- tq, E L(e{gt tq | ¢ € Q}) 
and hence a(ti,...,tx) : [ela. If Y = T equals a Presburger formula, then 
the Parikh image of £4, ` Zq, satisfies n{#q — #2, | q E Q}. Let p denote 
the mapping defined by p(#x4) = |{i | F ti : xq}|. Since the automaton 
A is deterministic, t; : £q is provable for exactly one state q. Therefore, 
the number of occurrences of q in the sequence q1,...,qp precisely equals 
p(#Æzxq4). We conclude that t1,...,tk : T{#q > #zxq |q € Q} and therefore 
also altı,... tk) : [t]a. The cases y = pı A p2 and y = 1 V p2 are 
completely standard. 

For the converse direction assume a(tı,..., tk} : [~]a for some a € X. 
By inductive hypothesis for t;, we already know that there are (unique) 
states q; such that t; Ha qi and therefore also F t; : £q, for all i. It 
remains to verify that qı -+ -qk = p. If y = e is a regular expression, then 
La’ Lq, E Lle{q => zq | q E Q}), thus q---qn | p. If p = m equals 
a Presburger formula, then |y]a = a(a{#q => #2,_ | q E Q}). Since by 
assumption, a(tı,...,tk) : [Y]a, we obtain p =| m{#q => #zxq |q E Q} for 
the assignment p(#x£4) = |{i | F ti: £za}|, q E Q. Since A is deterministic, 
p(#Æzxq) equals the number of occurrences of q in the sequence qi,..., qk- 
Therefore, q,--- qx H| m. The case where y = p1 V Yo or Y = p1 A Y2 are 
dealt with recursively. 

To the equation system S4 we then apply Gaussian elimination. Thus, 
we take any equation x, = Yq Where pq possibly contains free occurrences 
of xg, and replace it by xg = H £q. Yq. Then we replace all free occurrences 
of xq in all other right-hand sides yg, qg’ # q, with the new fixpoint formula 
[LXq-Pq- The resulting system still is equivalent to the original one but does 
no longer contain free occurrences of xg in right-hand sides. We iteratively 
perform this step for every state q. Eventually, we arrive for each q € Q at 
an equation £q = Øq where Øq is a closed fixpoint expression which denotes 
the set {t € T(X) | t Ha q}. Thus, the desired fixpoint formula p4 can be 


chosen as: 
PA = V Pq: 
qEF 


Q.E.D. 


In the remainder of this section we turn to the complexity of Presburger fix- 
point logic. Concerning satisfiability, Theorem 7.1 provides an EXPSPACE 
upper bound. The theorem below shows that this can be improved to EX- 
PTIME, which is as good as we can hope for, since satisfiability of fixpoint 
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formulas (without Presburger conditions) over binary trees is EXPTIME- 
complete (a similar result holds for model-checking pi-calculus against push- 
down graphs, [40}). 


Theorem 7.2. The satisfiability problem for Presburger fixpoint formulas 
is EXPTIME-complete. 


Proof. The lower bound is obtained, e.g., by encoding the accepting runs of 
an alternating polynomial space Turing machine through a binary tree. 

It remains to prove the exponential upper bound. Let y be a Presburger 
fixpoint formula. We denote by W the set of its subformulas of type a(F’) 
or *(F}, and by © the set of all subformulas. 

We call a subset B C W obtainable if there is a tree t such that, for each 
Y Ee Y, Ft: ifand only if Yy € B. In this case, we call t a witness for B 
and denote t by t(B). 

We compute in an inductive fashion the set of all obtainable sets B C Y. 
First, we compute the set Xo of sets that are obtainable by some one-node 
tree t. Given X;, we let X;41 be the set of sets that are in X; or are 
obtainable by a tree consisting of a root the subtrees of which are witnesses 
for the sets in X;. As this process is monotonic it ends after at most 2!¥! 
iterations, i.e., an exponential number of steps. 

It therefore suffices to prove that each step takes no more than expo- 
nential time as well, actually we shall need here only polynomial space. 

Let X denote a set of obtainable subsets of Y. We show that, given the 
fixpoint formula y of size n and a set B C W it can be checked in space 
polynomial in n whether B is obtainable by a tree with subtrees which are 
witnesses for sets in X. Of course, X is not part of the input, since it might 
be of exponential size. We can imagine X as stored on a separate tape, and 
our PSPACE algorithm will access non-deterministically this tape. 

A set B is only obtainable if there is some symbol a such that all formulas 
in B are either of the form a(F) or *(F). Accordingly, we must check 
whether there exists a sequence of sets w = Bı... By with B; € X for all 
i, such that the tree t = a(t(B,),--- ,t(Br)) makes all formulas in B true 
and all others false. 

Consider first a formula of type a(e) (*(e), resp.), with e regular ex- 
pression. By the definition of the closure of sets of formulas from W, it is 
immediate that t satisfies ale) (*(e), resp.) iff w € L(é), where é is obtained 
from e by replacing every formula y with the disjunction of all B’ € X with 
wy € cl(B’). Likewise for al~e) (*(7e), resp.). 

For formulas alr), (r), with m Presburger formula, we first need the 
following definition. Let H denote the mapping which takes an assignment 
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ao: X — N and computes an assignment 7 : ® — N by 


T(b) = ` o(B'). 


B'EX with wécl(B’) 


The tree t = a(t(B,),--- ,t(Bp)) (with w = B,... Bn) satisfies the formula 
a(r) (*(7), resp.) iff H(Par(w)) satisfies 7, where Par(w) denotes the Parikh 
vector of w € X*. The reader should recall here that with the fixpoint 
semantics a subtree can be counted several times, once for each formula it 
satisfies. 


As in the proof of Proposition 4.3, we shall show the following: 


Claim 7.3. If there exists a string which simultaneously verifies all formulas 
of type a(F) or *(F) in B, and falsifies all such formulas outside B, then 
there exists one whose length is bounded by 2?) for some polynomial p. 


We first show how the statement of the theorem follows from this claim. We 
successively guess subsets B’ C X (in polynomial space). For each such B’, 
we simulate the evaluations of the non-deterministic automata correspond- 
ing to all regular expressions e occurring in a(F’) € W or *(F) € W. Of 
course, in order to do so, we need to check each time whether a subformula 
y’ € ® is in cl(B’). All these simulations are done in PSPACE. During 
this process, we maintain an occurrence vector T indexed by subformulas 
vy’ € ®. Whenever a set B’ is processed, we increment in T the values of 
all y’ contained in cl(B’). Since each letter B’ may have incremented each 
entry of 7 at most by 1, the assignment 7 can always be represented in 
polynomial space. Once we have guessed a sequence of length at most 2?) 
verifying the formulas a(e) € B and *(e) € B and invalidating those outside 
B, we verify that 7 satisfies the formula 


el Vig esd te ee 


a(m)EBVx(T)EB a(m) €BAx(nT) ZB 


The latter can be done in polynomial time (recall that each Presburger 
formula 7 is quantifier-free). This algorithm uses only space polynomial in 
n, therefore it can be executed in deterministic exponential time—which we 
wanted to prove. 

It remains to show the claim above. Recall first that we defined the 
regular expressions € over the alphabet X by replacing each subformula 
y’ of y by the disjunction of all B’ € X with y’ € cl(B’). Now, we first 
construct an automaton 6 for the intersection of the regular expressions é 
(resp. 7@) occurring in formulas from B. This automaton has at most 2” 
states, and its alphabet is of size 2”. By Proposition 4.2, the Parikh image 
of the accepted language is a finite union Par(£(B)) = £,U---UL,, of linear 
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sets L, of the form {c + ae £i- Pi | x; > 0}, where the entries of each 
vector C, p; are bounded by 2”—whereas their number h < (2” +1)?” might 
be doubly exponentially large. Recall however, that for the satisfiability 
of the Presburger formulas m occurring in formulas a(7),*(m) contained 
in B, we are not interested in the Parikh image Par(£(B)) of the words 
accepted by B itself, but in the image of Par(£(B)) under H. By definition, 
H(Par(£(B))) = H(L1) U --- U H(Lm). Moreover, for every linear set of 
the form L = {e+ cs zi: Pi | zi > 0}, the image H(L) is given by 
A(L) = {m+ DA Li: Ti | zx; > 0} where 7 = H(c), 7; = H(p;), j = 
1,...,h. This implies that each component in a vector 7; is obtained by 
the sum of at most 2” entries of the vectors c, pj. Therefore, all entries of 
the 7; are bounded by 2” - 2” = 2°”, The crucial point is that the vectors 
Tj now only have at most n entries (instead of 2” for c, pj). Accordingly, 
only (22")” = 22”? of the Tj can be distinct and therefore necessary to 
describe H(L). Thus, now we may proceed along the same lines as in the 
proof of Proposition 4.3. A linear set L contained in the Parikh image 
Par(L(B)) of B gives rise to a linear set H(L) contained in H(Par(L(B))), 
which in turn gives rise to at most n extra equations in 22" variables with 
coefficients bounded by 2?”. These are to be added to O(n) many equations 
obtained from the Presburger formulas from B. That is, as in Proposition 
4.3 we consider a disjunct of the DNF of each formula m occurring in some 
Presburger formula form B (resp., with =r occurring outside B), and we 
eliminate inequations and modulo equations using Proposition 2.1. Once 
again applying Papadimitriou’s estimation [31], we obtain that the entries 
of a minimal solution 7 € H(Par(£(B))) NS, with 


oN OM 


a(m)EBVx(m)EB a(n) €BAx (rT) EB 


are bounded by 29(”"), Clearly, we have r € H(Par(L(B))) N S iff there 
is some string w € L(B) such that H(Par(w)) satisfies S. Recall that by 
construction, T is contained in cl(B’) for every subset B’ C Y. Therefore, 
H(Par(w))(T) precisely equals the length of w. Thus, the upper bound on 
the entries of 7 proves the desired upper bound on the length of a shortest 
witness w and thus the claim. Q.E.D. 


We finish this section with the following 


Proposition 7.4. Given a tree t and a Presburger fixpoint formula y, it 
can be checked in time O(|t| - |p|?) whether t = y. 


Proof. We compute bottom-up the set of subformulas of y that are satisfied 
by each subtree. For each subtree t = a(tı,...,tķ) we simulate first the 
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NFA corresponding to regular expressions e (~e, resp.) occurring in pre- 
conditions a(...) and «(...), by keeping the set of reachable states of the 
NFA. Since each NFA is of size at most |y|, each such simulation costs 
at most O(k - |y|?). For Presburger constraints a(r), x/r} we just need to 
count how many children satisfy a given subformula occurring in 7, which 
can be done in O(k - |p|), and to evaluate linear (in)equations and modular 
(in)equations. The last check is done in O(|y|?). Finally, we compute cl(B) 
in O(|y|), with B C W the set of all a(F) or *(F) satisfied by a(t,,...,t,). 


Q.E.D. 


8 Querying unranked trees 


Presburger automata or logics can be used as a facility to express unary 
queries, i.e., to select a set of nodes in a document tree. We start this 
section with automata-based queries, and consider in Subsection 8.1 queries 
based on fixpoint logics, which exhibit a much better complexity than PTA- 
based queries. 

With automata-based querying, a tree node is selected via an automa- 
ton A and a set T of states of A. The node v is in the output, if there 
is an accepting computation of A that obtains a state from T at v. By 
the equivalence between Presburger automata and Presburger MSO logic 
(Thums. 3.8, 5.4, 7.1), this simple mechanism allows to express all (unary) 
queries definable in Presburger MSO logic. 

Let è denote a fresh symbol (not in ©). A context is defined as usual, as 
a tree c € T(HU {e}) which contains exactly one occurrence of è at a leaf 
(the hole). Let c[t’] denote the tree which is obtained from c by substituting 
e with t (i.e., filling the hole). Note that for a given tree t, the set C(t) 
of contexts c such that t = c[t’] for suitable subtrees t’ is in one-to-one 
correspondence with the set of nodes of t. Therefore, in the following we 
shall no longer distinguish between contexts c € C(t) and nodes of t. 

A (unary) query is a mapping R from trees to subsets of nodes. The 
nodes in R(t) are also called matches. In the following, we present a class 
of queries which is definable by means of (unordered, mixed) PTA. For 
this, we extend the definition of 4 to contexts by defining c,p HA q, 
(p,q € Q) iff c Fa, q where Ap. = (Q, UU {0}, p,e, F) is obtained from 
A by extending © with e and defining: 


5(q’, a) if a E D3; 
Öp, (q, a) = leaf ifa=eAq =p 
false ifa=eAqd #p 


Thus, the automaton A, behaves like A but additionally labels the hole 
by p. We have: 
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Proposition 8.1. Let A = (Q, £, ô, F) be a PTA and t = c|t'] for a context 
cand t,t € T(x). Then t Ky q if t Ha p and c, p Ey q for some p E€ Q. 


A (unary) Presburger pattern is a property of nodes of trees from 7 (X). 
We define this property by means of a pair (A, T) where A = (Q, £, 6, F) 
is a PTA (resp., a u-PTA or mixed PTA) and T C Q is a set of states. 
Let t € T(X). A context c € C(t) is a match of the pattern (A,T) in t iff 
t = c{t'] where t H4 q and c,q Ky f for some q € T and f € F. 

We consider first mixed queries, with unordered ones as a special case. 
Whenever we speak about the complexity of the querying problem below, 
we mean the complexity of the following decision problem: given a query 
R, a tree t and a node v of t, is v € R(t)? 


Theorem 8.2. Let A be mixed PTA. The set of matches of a fixed Pres- 
burger pattern (A, T}, in a tree t € T (£) of size n is computable in time 
O(n). If the pattern is part of the input, the joint query complexity is 
NP-complete. 


Proof. Let A = (Q,=,6, F). We proceed in two passes over the input tree 
t. In the first pass, we determine for every subtree t’ of t the set of states: 


B(t) = {p€ Q |t Ha p}. 


Let A’ denote the deterministic automaton constructed from the mixed PTA 
A as in the proof of Theorem 6.2. Then we know that for every t € T (X), 
U Ha Biff B={peQ|t Ha p}. Therefore, the sets B(t') (over all 
subtrees t’) can be determined by one bottom-up run of A’ on t. According 
to Proposition 3.6, this first pass can be performed in linear time. 

In the second pass, we determine for each context c € C(t) with t = c[t’], 
the set of states: 


Dc) = {p € Bt’) | If € F : cp Ha f}. 


Given the sets D(c), the matches of the pattern are determined as the set 
of all contexts c where T N D(c) # Ø. 

In order to determine the sets D(c), we proceed top-down over t. For 
the root context c we set D(c) = B(t) nñ F. Assume that we are given a 
context c in t where t = cla(t,,...,t,)] for some a € X and subtrees ¢;. 
Then we may proceed from the father node c to the son c; which is defined 
as the context c; = cla(t,...,ti-1,¢,.-.,¢%)]. Remark that now t = cifti]. 
Let B; = B(t;). Assume that we have already determined the value D(c) 
and now want to determine the corresponding set for c;. 

Suppose first that the tag a is unordered, a € Ng. For B C Q, let ng 
denote the number of trees tj, 1 < j < k, such that t; - 4 B. Let p denote 
the variable environment defined by: 


{tpreng|BCQ}. 
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We claim: 


Dle) = {a € Bi | PE V Yar} 


qe D(c) 


where the formula Yq q is given by: 


Jq #p. Jq X(Byp) - 6(q, a) A TIB; q’) > OA 


(A > ta») = 22) ACA 5 (Bp) = #P) - 


BCQ peB PEQ B,pEB 


Intuitively, formula Yq,q' expresses that there is an assignment mapping the 
children t; to states q E€ B(t;) such that t; receives q’ and the Presburger 
pre-condition ô(q,a) is satisfied. Since satisfiability of Presburger formulas 
is decidable, we conclude that the sets D(c;) are computable. 

The total complexity of our algorithm in this part consists, for each 
node v labeled in Xo, in a test of an assertion p = y. Here, the formula p 
only depends on the fixed automaton A, and the variable environment p is 
such that p(x;g p) < k for all £;g p, in the domain of p, with k denoting 
the number of children of v. Each formula y can be transformed into a 
quantifier-free formula, which is evaluated in time O(k) on numbers in unary 
representation. Since the sum of all k is bounded by n, the total complexity 


is in O(n). 
In the case where a € X4 we have: 
D(ci) = Ut{Da(t) | qa E Dio} where 
Di) = {pi € Bi | Vj # i Ip; € By: pi... pe E€ 6(g,a)}. 


Given a (non-deterministic) finite automaton 6 for ô(q,a), all sets D,(i), 
i= 1,...,k, can be computed in time O(k) as follows: by one left-to-right 
pass we compute at each position the set of reachable states of 6; in a 
second, right-to-left pass we compute at each position the set of states from 
which we can reach a final state of 6. With this information we compute 
all sets D,(2) in a final pass in O(k). 

Therefore, the overall complexity of the second pass is linear as well. 
This completes the proof in the case where the pattern is fixed. 

For the joint complexity, consider first the upper bound. The first pass 
can be done deterministically in polynomial time, by computing bottom-up 
the reachable states at each node. For the top-down pass, we solve at each 
node an existential Presburger formula, which is done in NP. The lower 
bound follows from Proposition 3.6. Q.E.D. 


As a special case of the querying algorithm in the proof of Theorem 8.2, 
we obtain a linear time querying algorithm for (fixed) queries on classical 
ordered trees (i.e., trees with Ho = Ø). 
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We now consider ordered queries, i.e., queries stated as Presburger pat- 
terns (A, T) where A is a PTA. 


Theorem 8.3. The set of matches of a fixed Presburger pattern (A,T), 
with A PTA, in a tree from 7 (X) is computable in polynomial time. If the 
pattern is part of the input, the joint query complexity is NP-complete. 


Proof. Assume we have marked the root node of one subtree t of t. Assume 
further that we have modified A in such a way that the marked node always 
receives a state in T. Then the modified tree is accepted iff t’ is a match. 
Since there are only n different nodes to be marked, the theorem follows 
from Theorem 5.2. 

For the joint query complexity we can implement easily the 2-pass ap- 
proach of Theorem 8.2 in NP. The lower bound follows from the combined 
complexity of PTA. Q.E.D. 


Let us turn to queries specified through Presburger MSO. A mixed PMSO- 
pattern is a mixed PMSO formula y» with at most one free variable y. A 
match of y in t at a node v means that t together with the assignment of 
v to the free variable y satisfies y. A query R is mixed PMSO-definable iff 
there is a mixed PMSO-pattern y such that for every t, R(t) is the set of 
all matches of y in t. Replacing mixed PMSO by existential PMSO, we get 
existential PMSO-definable queries. 


Theorem 8.4. For a query R the following statements hold: 


1. R is mixed PMSO-definable iff R is definable by a Presburger pattern 
(A, T) for some mixed PTA A. 


2. R is existential PMSO-definable iff R is definable by a Presburger 
pattern (A,T) for some PTA A. 


In comparison with PTA-based queries, it is worth noting that the joint 
query complexity of mixed PMSO-definable and existential PMSO-definable 
queries is PSPACE-complete. Both arguments for the upper and the lower 
bound use that alternating polynomial time is equivalent to PSPACE. 


8.1 Presburger fixpoint queries 


In this section we focus on unary queries expressed in Presburger fixpoint 
logic. Compared to PTA, fixpoint logic allows for very efficient algorithms— 
linear time for fixed queries and polynomial time for the joint query com- 
plexity. 

In order to get an intuition about the expressive power of Presburger 
fixpoint logic, consider the example document shown in Figure 2. There we 
might first ask for all elements (tree nodes) containing “Bartoli”. A sec- 
ond query could ask for elements containing “Bartoli” and having at least 


606 H. Seidl, Th. Schwentick, A. Muscholl 


<music> ... 
<classical> 
<opera> 
<title> The Salieri Album </title> 
<composer> Bartoli </composer> 
<review> ... </review> 
<review> ... </review> 
<review> ... </review> 
</opera> 
<opera> 
<title> The No. 1 Opera Album </title> 
<composer> Puccini ; Verdi </composer> 
<performer> Bartoli ; Pavarotti </name> </performer> 
<review> ... </review> 
</opera> 
</classical> 
</music> 
<dvd> 


<music dvd> 
<opera> 
<title> Rossini - La Cenerentola </title> 
<performer> Bartoli </performer> 


<review> ... </review> 

<review> ... </review> 
</opera> 
</music dvd> 


</dvd> 


FIGURE 2. Part of a document with music items. 


three reviews. In the fixpoint Presburger logic we can express that a tree 
contains a node satisfying a given property, without knowing at which depth 
this node occurs. For instance, the formula pı = *(_ Bartoli _) describes 
all nodes containing “Bartoli”. Note that in order to take properties of 
text contents into account, it (conceptually) suffices to consider each text as 
a tag. We are not interested in the class of all these documents t, however, 
but for each such t in the subdocuments which satisfy the specific formula 
pı. Documents containing elements with the property yi are described by 
the expression: pu x.(*(_ x -) V yi). In order to indicate the subformula cor- 
responding to the requested subdocuments, we introduce the extra marker 
“e”. Thus, we specify the query as 1 = wx.(*(_a@ _) V (eA y1)). Accord- 
ingly for the second query, we describe the set of all elements containing at 
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least three reviews by: y2 = «(##review > 3). The query formula then can 
be formulated as: 


ho = pa.(#(-@ -) V (eA p1 A^gpə2)). 


In order to obtain a query language, we formally extend the language of 
Presburger fixpoint expressions by one extra case: 


(BSS acts |iet | Sane 


Accordingly, we add new axioms | t:e for all trees t. A match t of a 
formula y containing a subformula è is a proof for t : y containing the fact 
t:e. We want to construct an algorithm to determine for a fixed query 
formula y, all matches inside a document tree t. We first observe that we can 
determine in time O(|t|) for every subtree t’ of t the set of all subformulas 4% 
of y such that | t : =. For that, we can do as in Proposition 7.4 a bottom- 
up pass on t. In order to deal with the special symbol e occurring in y, we 
extend the notion of closure of states by adding the formula e. The rest of 
the construction is unchanged. Let then S(t’) denote the set of subformulas 
p of type a(F), *(F) such that t : y. By construction, y € cl(S(t’)) iff 
F t : p, for every subformula ~ of vy. 

It remains to determine for every subtree t’ of t the subset R(t’) C 
cl(S(t’)) containing all those Yy which may occur in some proof of t : p. Then 
t is a match iff e € R(t’). The subsets R(t’) are determined in a second 
pass over the tree t, in a top-down manner. For a closed set of subformulas 
B, we introduce the auxiliary function coreg which takes a subformula ~ of 
y and returns the set of all subformulas in B which potentially contribute 
to any proof of w (including w). Let core’ p(w) = corep(w) \ {4Y}. So, 
core’ p(e) = core’p(T) = Ø, and 


core’ p( uxa) =  corep(w) ifweB 
core’ p(x) = corep(t) ifye B 
core’ p(y Awe) = corep(u) U coreg (Y2) 

i O coreg (pi) if w3_; € B 
core g(Yı V p2) = { corep(w1) Ucore(y2) otherwise 
core’ p(a(F)) = Ø 
core’ p(«(F’)) = ©. 


Moreover, we set: coreg (R) = Uyer coren() for every RC B. 

The second pass over t starts at the root of t. There, we have: R(t) = 
corep(y) for B = cl(S(t)). Now assume we have already computed the 
set R(t’) for the subtree t = a(ty...t,). Let R’ = R(t’) N S(t’) denote 
the set of subformulas in R(t’) of the form a(F’) or *(F’). Then R(t;) = 
Uver Ry(ti), where Ry(t;) equals the set of formulas from cl(S(¢;)) which 
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may have occurred in a proof of t’ : p. Let B; = cl(S(t,;)) be the set of all 
subformulas that are valid at t;. If Y = a(r) or w = *(z) for a Presburger 
formula 7, then we must compute the assignment to the variables of m. In 
fact, all subformulas from B; contribute to this assignment. Therefore, we 
simply have R,(t;) = B; in this case. On the other hand, if Y = a(e) or 
w = *(e) for a regular expression e, then R,,(t;) = coreg, (Ri) where 


Ri = {4i | ddr...ve E€ Lle): Yj: y; € Bj}. 


The set R; denotes all subformulas provable for t; which may contribute to 
the validation of e. According to this definition, the sets Ry (t;), i = 1,..., k 
can jointly be computed by a left-to-right followed by a right-to-left pass of 
a finite (string) automaton for e over the children of t’. The case of negated 
regular expressions is treated analogously. Summarizing we conclude: 


Theorem 8.5. Let y be a fixed query in Presburger fixpoint logic. Then 
the set of matches of y in an input tree t can be computed in time linear in 
|t]. If y is part of the input, the joint query complexity is O(|y|? - |¢|). 


9 Conclusion 


We have considered extensions of logics and automata over unranked trees 
by arithmetical Presburger constraints. Our motivation comes from XML, 
where one is interested in expressing properties of such trees that go be- 
yond regular languages, such as numerical constraints. We showed that 
fixpoint logic extended by Presburger constraints has particularly pleasant 
properties, namely good expressiveness, complexity which does not increase 
with the additional Presburger part, and joint querying complexity which 
is polynomial. 

Some of our results raise open problems. The universality problem for 
u-PTA is one of them: we have a 2-NEXPTIME upper bound, and as lower 
bound only EXPTIME. Another issue is the data complexity for general 
PTA: can we improve the bound or is it inherently difficult (w.r.t. fixed 
parameter complexity, with the size of the PTA as parameter)? Finally, 
it would be interesting to see whether the automata and logics can be en- 
hanced by more general arithmetical constraints, like for instance the semi- 
polynomial or semi-quadratic sets considered in [16]. 
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Abstract 

In the 1980’s, Wolfgang Thomas, together with the authors, in- 
troduced the study of formulas with quantifiers that are interpreted 
“there exist r mod q elements x such that....” and used algebraic tech- 
niques to characterize the regular languages defined with such quanti- 
fiers. The present paper surveys this work and the many other results 
it spawned, especially the applications to formulas with a bounded 
number of variables, and the rather surprising connections with cir- 
cuit complexity. 


In the late nineteen-eighties much of our research concerned the applica- 
tion of semigroup-theoretic methods to automata and regular languages, and 
the connection between computational complexity and this algebraic theory 
of automata. It was during this period that we became aware of the work 
of Wolfgang Thomas. Thomas had undertaken the study of concatenation 
hierarchies of star-free regular languages—a subject close to our hearts— 
by model-theoretic methods. He showed that the levels of the dot-depth 
hierarchy corresponded precisely to levels of the quantifier alternation hi- 
erarchy within first-order logic [26], and applied Ehrenfeucht-Fraissé games 
to prove that the dot-depth hierarchy was strict [27], a result previously 
obtained by semigroup-theoretic means [4, 18]. 

Finite model theory, a subject with which we’d had little prior acquain- 
tance, suddenly appeared as a novel way to think about problems that we 
had been studying for many years. We were privileged to have been intro- 
duced to this field by so distinguished a practitioner as Wolfgang Thomas, 
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and to have then had the opportunity to work together with him. The study 
of languages defined with modular quantifiers, the subject of the present 
survey, began with this collaboration. 


1 Generalized first-order formulas over < 
1.1 First-order logic and star-free sets 


A little background first, about the ordinary kind of quantifier: Properties 
of words over a finite alphabet can be expressed in predicate logic by 
interpreting variables as positions {0,1,...,n— 1} in a string of length n, 
and including for each o € © a unary relation symbol Qs, where Q,2 is in- 
terpreted to mean that the letter in position x is ø. The signature typically 
includes other predicate symbols— “numerical predicates”—that are inde- 
pendent of the letters that appear in the positions concerned, but instead 
allow us to talk about relations between positions. It is quite interesting to 
see what happens when we modify this part of the signature, but for now 
we shall suppose that there is just one such predicate symbol: <, denoting 
the usual order on the positions. 

A sentence of first-order logic thus defines a language in )*, namely the 
set of all strings that satisfy the sentence. For example, if X = {0,7}, then 
the sentence 


dx(Qex A =3y(y < 2) 


says that there is a position containing the letter ø preceded by no other 
position, and thus defines the language oX* of words whose first letter is ø. 
Likewise the sentence 


Ja(Qox \7dy(y<2)) A Ax(Q,x ^A=3y(y > 2)) 
ve(Qre  Fy(Qoy A (y < 2) 


A Vzelz>yrork< )))) 


says that the first letter is ø, the last letter is 7, and that the positions 
containing 7 are those immediately following positions containing ø. This 
defines the language (o7)*. 

Now (o7)* is a star-free subset of {o,7}*. This means that it can be 
defined by an extended regular expression in which arbitrary boolean oper- 
ations are permitted along with concatenation, but in which the star oper- 
ation is not used. This may not be obvious at first, since we have certainly 
used the star to write it! But in fact this language is identical to 


(TS US GUS(aaU TT)B)*, 
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where the superscript c denotes complementation in {o,7}*. 

McNaughton and Papert [13] showed that the star-free languages are 
exactly those definable by first-order sentences over < . It is not hard to 
see how to express the concatenation operation in first-order logic, so let 
us concentrate instead on why the converse is true. Our account here is 
inspired by the treatment in Thomas [26]. If wi, w2 E€ &*, and k > 0, then 
we write w; =~ w2 to mean that w and wz satisfy all the same sentences 
of quantifier depth k. We write [w], to denote the equivalence class of the 
word w under this relation. One can now show that for any word v, 


[lesa = (Verne loale — UJlurleoluale- 

Here, the index set x in the intersection is the set of all triples (v1, 0, v2) such 
that o € X and v = vj 0v2, and the union over the set of all triples (u1, 0, u2) 
such that v does not have a factorization vovo with v; =, u; for i = 1,2. 
This can be established with a by-now routine argument using games. Since 
=, has finite index, the intersection is in fact a finite intersection. So the 
above equation shows that for all k, each = ;-class is a star-free language. 
Since a language defined by a sentence of depth & is a finite union of such 
classes, we get the desired result. 

Observe that the argument outlined above makes no use of the other 
characterization of star-free languages, namely Schiitzenberger’s Theorem 
that these are exactly the languages whose syntactic monoids are aperiodic 
(i.e., contain no nontrivial groups) [16]. But algebra and semigroups are not 
completely absent, for the equivalences =, are congruences of finite index 
on &*, and the content of Schtitzenberger’s Theorem shows in essence that 
the quotient monoids of these congruences generate all the finite aperiodic 
monoids. 


1.2 Counting factorizations 


Earlier (in our Ph.D. dissertations!) we had both studied a variant of the 
concatenation operation that counted factorizations modulo some period: 
Let Li, Lo C ©*, o € X, and 0 <r < q. Then we define (L1,0, L2,1r,q) to 
be the set of words w for which the number of factorizations w = wow if 
congruent to r modulo q. 

In our discussions with Thomas we realized that the precise power of 
this operation could be captured if one introduced modular quantifiers into 
our logical languages: 


qr mod Irox) 


is interpreted to mean ‘the number of positions x for which (x) holds’ is 
congruent to r modulo q. 
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As an example, consider the sentence 


J? mod 37(Q-ax A =U mod 2y(Qoy ANY < r)). 


This defines the set of all strings in which the number of occurrences of T 
preceded by an even number of ø is divisible by 3. Observe that this par- 
ticular sentence uses modular quantifers exclusively, and that it is possible 
to rewrite it so that it only uses modular quantifiers of modulus 6. 

We were able to adapt the argument given above for star-free languages 
to this new quantifer: Let us fix a modulus q, and let us redefine v1 =, v2 
to mean that vı and və satisfy the same sentences of quantifier depth k, 
where we now allow modular quantifiers of modulus q as well as ordinary 
quantifiers. Let L be defined by the sentence 


g med ta o(s), 


where y has depth k. We showed that L is a boolean combination of lan- 
guages of the form (K, o, K’,s,q), where K and K’ are =;-classes. The same 
conclusion holds if we define =; in terms of modular quantifiers exclusively. 

It readily follows that languages constructed using boolean operations 
and ordinary concatenation together with the operations (L1, 0, L2,r,q) are 
exactly those defined by sentences using both ordinary and modular quanti- 
fiers, and that languages defined using the operations (L1, 0, L2,r,q) alone 
are exactly those definable using only modular quantifiers. 

Our real interest, however, stemmed from the fact that these language 
classes could all be characterized effectively in semigroup-theoretic terms. 
The example language defined above with quantifiers of modulus 2 and 3 was 
derived from a descripiton of the set of words in the permutations o = (1,2) 
and T = (1,2,3) that evaluate to the identity in the symmetric group S3. 
This works in general for finite solvable groups, for we can derive such 
descriptions of word problems from the composition series for the groups. 
It turns out that the languages definable using only modular quantifiers 
are exactly the languages whose syntactic monoids are solvable groups, and 
those definable using both modular and ordinary quantifiers are exactly 
those whose syntactic monoids contain only solvable groups. 

Let us denote by FO[<] the family of languages definable by first-order 
sentences over <, by (FO + MOD,)|<] those definable with both ordi- 
nary first-order quantifiers and modular quantifiers of modulus q, and by 
MOD, |<] those definable using only modular quantifiers of modulus q. (We 
assume all of this is with respect to a fixed finite alphabet X.) 


Theorem 1.1. (Straubing, Thérien and Thomas [22]) MOD, |<] is the fam- 
ily of regular languages whose syntactic monoids are solvable groups of car- 
dinality dividing a power of q. (FO + MOD,)|<] is the family of regular 
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languages L such that every group in M(L) is a solvable group of cardinal- 
ity dividing a power of q. 


This second of these facts is far deeper than the first: While a solv- 
able group by definition decomposes into a sequence of extensions by cyclic 
groups, which generates the expression in terms of modular quantifiers, the 
existence of a comparable decomposition for monoids that contain solvable 
groups requires the use of the Krohn-Rhodes Theorem [12]. 

The result of this is that we are able to effectively decide if a regular 
language, given, let us say, by a regular expression or an automaton, can be 
defined by a sentence involving modular quantifiers, and if so actually pro- 
duce the sentence. For instance, suppose L is recognized by a deterministic 
automaton with four states. We can explicitly write down a Krohn-Rhodes 
decomposition of the monoid of all transformations on a four-element set 
into factors that are either small aperiodic monoids or cyclic groups of or- 
der two or three. This can be used to produce a sentence for L containing 
ordinary quantifiers along with modular quantifiers of modulus 2 and 3. 
In contrast, if the minimal DFA for L has five states, and if the transi- 
tion monoid contains all the even permutations of the states, then no such 
sentence for L is possible, irrespective of the moduli used. 


1.3 Quantifiers and the block product 


The two-sided decomposition theory for finite monoids developed by Rhodes 
and Tilson [14] permits a deep understanding of the connection between 
logic and algebra that underlies Theorem 1.1. Suppose that M and N are 
two finite monoids. We write the operation in M additively, and its identity 
as 0. This is not meant to imply that M is commuative, although in fact, 
in the critical examples we consider below, M will be commutative. We 
consider both a left action and a right action of N on M that are compatible 
in the sense that 
(nm)n' = n(mn’) 


for all m € M; n,n’ € N. We further suppose that these actions respect the 
identities in both monoids, so that 


n0 = 0n =0 


for all n € N, and 
Im=ml=m 


for allm € M. The bilateral semidirect product M xx N with respect to these 
actions is the monoid whose underlying set is M x N and whose operation 
is given by 

(mı, ni) (mo, nə) = (mino + NIMI, nino). 
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Rhodes and Tilson also define a block product MON, a bilateral semidirect 
product of MXN and N that contains all the bilateral semidirect products 
M «x N. 

The connection with quantification comes in when we consider languages 
recognized by bilateral semidirect products M ** N (or, what is the same 
thing, block products MON) in which M is either idempotent and com- 
mutative, or an abelian group. This becomes clear if we try to compute 
the image of a word w = 01 ---o, under a homomorphism into the bilateral 
semidirect product. If we suppose that this morphism maps g; to (m, ni), 
then w is mapped to: 


r r i-l r r 

[man = Sq nj)mi( Il nx), [] ni) 

i=1 i=1 j=l k=i+1 i=1 
In other words, computation in M ** N keeps track in M of the factoriza- 
tions w = uov, where the images of u and v are computed in N. It follows 
that if M is idempotent and commutative, then a language recognized by 
M xx N is a boolean combination of languages of the form LoL’, where L, L’ 
are recognized by N; and that if M is an abelian group of exponent q, then 
any language recognized by M ** N is a boolean combination of languages 
of the form (L,o,L’,r,q), where again L and L’ are recognized by L. As 
mentioned above, these language operations can be captured by application 
of ordinary and modular quantifiers. 

Conversely, consider a language L defined by a sentence of the form 


ITP, 


or 
ar mod q 
= TP, 


where ¢ is itself a formula with ordinary and modular quantifiers over the 
signature {<}. We can view the formula y, which has a single free variable zx, 
as defining a language Lẹ over the extended alphabet » x 2{*}. Elements of 
this language are words in which one of the positions is marked, and which 
satisfy y when the free variable is instantiated by the marked position. Like- 
wise, we can view a formula with k free variables as definining a language 
of marked words with k distinct marks, some of which may coincide. Let 
uL: &* — M(L) be the syntactic morphism of L, and vz : A* > M(L’). 
This is where the decomposition theory of Rhodes and Tilson comes 
in. The relation ypu; : M(L) > M(L’) is a relational morphism, and 
its kernel category is idempotent and commutative (in the case of ordinary 
quantifiers) or covered by an abelian group of exponent q (in the case of 
modular quantifiers). This implies that M(L) is recognized by a block 
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product KOM(L’), where K is idempotent and commutative or an abelian 
group of exponent q, depending on the quantifiers. 

Theorem 1.1 follows from these observations and the Krohn-Rhodes The- 
orem for block products: The solvable groups of order dividing a power of 
q for the smallest variety of finite monoids closed under block product and 
containing all the abelian groups of exponent q, and all the idempotent and 
commutative monoids. This is the approach taken in the journal version of 
our paper with Wolfgang Thomas [23], and in Straubing [19], which con- 
siders a large assortment of regular language classes defined with modular 
quantifiers. 


2 Circuits 
2.1 Constant-depth circuits and the ACC? problem 


Why study modular quantifiers in the first place? To be frank, when we 
began our work we did not have a particularly compelling answer to this 
question! Modular counting of factorizations was an instance of an oper- 
ation that happened to be easy to describe, but not particularly easy to 
understand, which we were able to analyze completely with our new alge- 
braic methods. 

But, as sometimes happens when you are lucky, we subsequently found 
a very good reason to be interested in these matters. This came from 
computational complexity. 

A circuit with n inputs is a directed acyclic graph, and in our circuits we 
shall require that there be a single sink node. Each source node is labeled 
by a variable x; or its negation ~z, where 1 <i < n, and each non-source 
node of in-degree r by a function f : {0,1}" — {0,1}. Initially we shall just 
use the r-ary AND and OR functions, corresponding to standard logic gates, 
but later we shall play around with the gate type. 

The circuit computes as follows: Given a bit string a ,---ap, place a; 
at each source node labeled x;, =a; at each source node labeled 72;, and 
recursively compute a bit value for each non-source node: If the entering 
edges of a node labeled f connect to nodes with bit values b1,...,br, then 
the node will get the value f(b1,...,,). (In all of our examples the gate 
functions f are symmetric, so we needn’t worry about ordering the incoming 
edges to a node.) The input is accepted if the bit value assigned to the sink 
node is 1, and rejected otherwise. 

A circuit family with one circuit for each positive input length n thus 
recognizes a language L C {0,1}*. If the circuits in the family contain only 
AND and OR gates, the depth of the circuits in the family (the length of the 
longest path from an input to the sink) is bounded by a constant, and the 
size (the number of nodes) of the nth circuit in the family is bounded by n* 
for some constant k, then the language is said to belong to the class AC®. 
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AC?° contains the set of all strings of the form wv, where |u| = |v| and 
the integer with binary representation u is greater than the integer with 
binary representation v. Indeed, we can write this circuit explicitly as 

n 

VV (A ((2i A Litn) V (azri TAN atin) \ Tj \ <2; +n) š 

j=l i<j 
If we were to allow multiple outputs, then we could use the same strategy 
to perform binary addition of two n-bit numbers in depth 3 and size nO), 
AC?” contains every star-free regular language in {0,1}*, and in fact every 
star-free regular language over any finite alphabet ©, provided we adopt a 
fixed-length encoding of letters of X by bit strings. 

Let us contrast AC? with another circuit complexity class, this one 
called NC*. NC! also consists of polynomial-size families of circuits with 
AND and OR gates, but we allow the depth of the circuits to grow logarith- 
mically (i.e., the depth of the nt” circuit is O(logn)) and we require every 
node to have in-degree 2. NC’ contains every regular language. If we were 
to allow multiple outputs, then we could multiply two n-bit numbers or add 
n n-bit numbers [5] and even multiply n n-bit numbers and perform integer 
division [3]. 

The natural question in computational complexity is whether one model 
is really computationally more powerful than another. It is easy to see that 
AC?” is contained in NC’. Can we really do more with logarithmic-depth 
circuits? 

Furst, Saxe and Sipser [6] showed that, indeed, the PARITY language, 
consisting of all bit strings with an even number of 1’s, requires superpoly- 
nomial-size circuit families of constant depth, and thus is not in AC°. The 
same argument shows that for any q > 1, the set of bit strings in which 
the number of 1’s is divisible by q is not in AC®, and a reduction argument 
shows that we cannot do such things as multiply two integers in multiple- 
output AC®. 

We can try to boost the power of the constant-depth model by adding 
things like PARITY as a kind of oracle gate. More formally, we let q > 1 
and consider the functions f, : {0,1}" — {0,1} where f,(a1,...,a,) = 1 if 
and only if aj +--+ ar is divisible by q. We call such a function a MOD, 
gate. ACC°(q) is the family of languages recognized by constant-depth 
polynomial-size families of circuits that include AND, OR and MOD, gates. 
ACC? is the union of the classes ACC"(q) over all q > 0. 

The definitive result on ACC® is the following theorem of Smolen- 
sky [17], which contains the result of Furst-Saxe and Sipser as a special 
case. 


Theorem 2.1. Let p and q be distinct primes, and k > 0. The the set Lp 
of bit strings in which the number of 1’s is divisible by p is not in ACC°(q). 
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But that’s not really definitive enough! It tells us that we cannot 
count, say, modulo 7 in ACC°(8), or ACC°(25), but tells us nothing about 
whether we can do this in ACC°(6), because 6 has two distinct prime fac- 
tors. We expect that it cannot be done in ACC°(6), and more generally: 


Conjecture 2.2. 

(a) Let q > 1. If p is a prime that does not divide q, then ACC°(q) does 
not contain Lp. 

(b) ACC? is properly contained in NCH. 


We know very little about what occurs when the modulus of the modular 
gates is not a prime power. Not only has this problem remained unsolved 
for twenty years, but it stands, in a sense, at the very frontier of current 
knowledge about computational complexity. We do not know how to sep- 
arate NC! from ACC®, but we also do not know if there is a language 
in LOGSPACE that is not in NC’, nor a language in P that is not in 
LOGSPACE, nor, of course, a language in NP that is not in P. It is 
entirely consistent with the current state of our knowledge that ACC? con- 
tains an NP-complete problem. 


2.2 Circuits and predicate logic 


There is a close connection between the constant-depth circuit families we 
described above, and formulas of first-order logic used to define languages, 
first observed by Gurevich and Lewis [7], and independently by Immer- 
man [8]. 


We illustrate this with an example. Let us return to the language 
comp = {uv : |u| = lv], (u)2 > (v)o}, 


where (w)2 denotes the integer whose binary representation is u. In the 
last section we gave a description of a circuit family recognizing a similar 


language. 
If we are allowed to read u and v in parallel then we could consider the 
pair (u,v) as a string of length n = |u| = |v| over the four-letter alphabet 


{0, 1}x{0, 1}. With this interpretation, Leomp is a star-free regular language, 
defined by the first-order sentence 
321 (Qa,0)21 A Vz9((z2 < 21) -— Q (1,1) 22 V Q(0,0)22))- 


Of course, positions in this string encode pairs of positions in wv, and we 
can translate this into a sentence that talks directly about uv: 


deisyi(Qiti A Qoy A (y1 = x1 +n) 
TAN VaoVyo(x2 <aAy2=%2+n- 
(Qi%2 A Qiy2) V (Qo%2 A Qiy2))) 
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The result is a first-order sentence that defines the original language Leomp. 
Observe that we have had to introduce a new numerical predicate y = x +n 
which says that x and y occupy corresponding positions in the two halves 
of uv. 

Conversely, we can ‘unroll’ this first-order formula and obtain expres- 
sions for a circuit family recognizing Leomp. These will be much like the 
ones that we saw in the last section. 

This sort of argument works in general: if we denote by M the family of 
all numerical predicates, then AC? is exactly the same as the class FON] of 
languages defined by first-order sentences with no restriction on numerical 
predicates. The identical argument works if we permit modular quantifiers 
of modulus q in our formulas and MOD, gates in our circuits. The details 
are given in Barrington et. al. [2]. 


As a result, we have: 
Theorem 2.3. ACC"(g) = (FO + MOD ) W]. 


2.3 The connection with regular languages 


A consequence of the theorem of Furst, Saxe and Sipser cited above, noted 
in [2], is that the regular languages in AC? are precisely those definable 
by first-order sentences in which, in addition to the order relation, there are 
predicates =; for equivalence of positions modulo t, for all positive integers 
t. In [19], the numerical predicates that are definable by first-order formulas 
in < and =; are called regular numerical predicates, since this is in fact the 
largest class of numerical predicates that one can introduce into sentences 
and still guarantee that every definable language is regular.We denote by R 
this class of numerical predicates. 

The languages definable in this way are not quite star-free, since they 
include, in particular, the languages ({0,1}*)* of strings of length divisible 
by t. But they are almost star-free in the sense that they are the smallest 
class containing the star-free languages and the languages ({0,1}*)* that 
is closed under boolean operations and concatenation. If we combine this 
with the logical characterization of AC°, we obtain: 


Theorem 2.4. The family of regular languages in FO|\] is FO[R]. 
It is therefore reasonable to conjecture 


Conjecture 2.5. Let q > 0. The family of regular languages in (FO + 
MOD,)|N] is (FO + MOD,)[R]. 


In fact, this is equivalent to our previous Conjecture 2.2. The principal 
reason for this equivalence is the fact, discovered by Barrington [1], that lan- 
guages whose syntactic monoids contain a nonsolvable group are complete 
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for NC! under a particularly restrictive kind of reduction: a consequence 
is that as soon as (FO + MOD,)[N] contains such a regular language, it 
contains all of NC. 

We have thus reduced our conjectured solution to one of the outstanding 
open problems in computational complexity to a purely model-theoretic 
question about the definability of regular languages in an extension of first- 
order logic. It makes sense to look for a model-theoretic explanation of the 
phenomenon. Unfortunately, the only proof we that we possess for the pure 
first-order case, Theorem 2.4 requires the lower bounds results from circuit 
complexity. And, as we have already remarked, none of the methods for 
proving these bounds generalizes to treat ACC®. 

There has been some small progress on the question. Roy and Straub- 
ing [15] use model-theoretic collapse results to prove Conjecture 2.5 when 
the only numerical predicate allowed is the addition of positions. They also 
show the conjecture holds for sentences that contain only the order rela- 
tion and arbitrary monadic numerical predicates. However, as they discuss, 
there are fundamental obstacles to generalizing these methods. 


3 Sentences with a bounded number of variables 

3.1 Two- and three-variable first-order sentences 

An occurrence of a variable x in a sentence can lie within the scope of 
several different quantifiers that use this variable. It is only the innermost 
such quantifer that binds this occurrence of x. Thus it is possible to re-use 
variables within a sentence. For instance, the sentence 


Jr(Qox A Iyly < cA Qry AAa(a < y^ QrrA^Iyly <z A^ Qsy)))) 


defines the set of all strings that have a subsequence oTTo. 

It is known that every first-order sentence over < is equivalent to one in 
which only three variables are used. (Kamp [10], Immerman and Kozen [9}). 
Thérien and Wilke showed that the languages definable by two-variable sen- 
tences could be characterized in terms of the syntactic monoid [25]: These 
are the languages whose syntactic monoids belong the the variety DA. There 
are many equivalent definitions of this class of monoids, but here is one we 
shall find most useful: Two elements m and n of a monoid M are said to 
be J-equivalent if MmM = MnM. A monoid is in DA if it is aperiodic, 
and if every element J-equivalent to an idempotent is itself idempotent. 

The language (o7T)* that we discussed earlier serves as a good example 
that separates two-variable definability from first-order definability. It is 
quite plausible that we cannot define this language without referring to one 
position being between two others, and that this will require three variables 
to do. The proof is that the words g and oro represent the same elements 
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of the syntactic monoid of this language, and so o and ør are J/-equivalent, 
but the second of these is idempotent, while the first is not. 


3.2 Modular quantifiers with a bounded number of variables 


In [21] we investigated what happens when we bound the number of variables 
in sentences that contain modular quantifiers. If modular quantifiers are 
used exclusively, then every sentence is equivalent to one in which only 
two variables are used. When both modular and ordinary quantifiers are 
allowed, then three variables are again sufficient to define all the languages 
in (FO + MOD)[<]. An interesting phenomenon occurs in the two-variable 
case. Consider again the language (o7)* in the example above. It is defined 
by a sentence that says the length of the string is even, and that a position 
contains 7 if and only if it is an odd-numbered position: 


30 mod 2e(x =x) AV2(Q,t = IP mod u(y < 2)). 


What is remarkable here is that modular quantifiers are not required at all 
to define this language, but allowing them leads to a more economical (in 
terms of the number of variables) specification. Furthermore, appearances 
to the contrary, the modulus used is irrelevant. It is possible to define the 
same language with two variables using modular quantifiers of modulus 3, 
a puzzle we leave for the reader. 

Let us denote by (FO + MOD)?[<] the family of languages in 
(FO + MOD)[<] definable by a two-variable sentence. We further denote 
by Xə[MOD] the family of languages defined by sentences over < in which 
there is a block of existential quantifiers, followed by a block of universal 
quantifiers, followed by a formula in which only modular quantifiers appear. 
The family II2[ MOD] is defined similarly. We showed: 


Theorem 3.1. Let L C &*. The following are equivalent 
(a) L € (FO + MOD)? [<]. 
(b) L € Xg{MOD] A Te[MOD]. 


(c) The syntactic monoid M (L) divides a wreath product M o G, where 
M € DA and G is a solvable group. (That is, M(L) belongs to the 
pseudovariety DA * Gyo.) 


Interestingly, we do not know how to determine effectively if a given 
finite monoid belongs to DA * G,.j. The problem is equivalent to deter- 
mining whether a set of partial one-to-one functions on a finite set X can 
be extended to a solvable permutation group on a larger set Y. We refer 
the reader to [21] for a discussion of this problem, as well as an apparent 
connection to computational complexity; and also to [20], where we give a 
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different proof of the equivalence of (a) and (c) above, based on the block 
product. 

On the other hand, we do possess an effective test for whether a given 
finite monoid M divides a wreath product of a monoid in DA and a finite 
group (which may not be solvable): If e and f are 7-equivalent idempotents 
of M, and ef lies in the same J-class, then ef is itself idempotent. To 
see how this criterion works in an example, consider the language L = 
(o+7)*oo(o+7)* of all strings over {o, 7} in which there are two consecutive 
occurrences of ø. Since 7T and tor are equivalent in M(L), as are o and 
oto, we conclude that o, T, oT and To are in the same J-class. Of these, 
all but o are idempotent. The condition is then violated by choosing e = 
ot and f = To, since the product ef is equal to the non-idempotent ø. 
We conclude that this language requires three variables to define, even if 
modular quantifiers are permitted. Observe how this purely model-theoretic 
conclusion, which might be difficult to obtain otherwise, follows from a 
relatively simple calculation in the minimal automaton of L. 


3.3 The placement of the modular quantifiers, and more circuit 
complexity 

An important element in the proof of Theorem 3.1 above is a kind of normal 

form for two-variable sentences over < containing modular quantifiers: Ev- 

ery sentence of (FO + MOD)?[<] is equivalent to one in which an ordinary 

quantifier never appears within the scope of a modular quantifier. 

We therefore should expect the expressive power of two-variable logic to 
decrease if we require instead that modular quantifiers not appear inside the 
scope of other quantifiers. Tesson and Thérien [24] showed that in this case, 
the syntactic monoids of the languages defined are in the pseudovariety DO 
of monoids in which every regular J-class (i.e., every J-class that contains 
an idempotent) is an orthodox semigroup-that is, a semigroup in which the 
product of two idempotents is idempotent. More precisely, they show: 


Theorem 3.2. A language L is definable by a two-variable sentence over 
< in which no modular quantifier appears within the scope of an ordinary 
quantifier if and only if M(L) € DO and every group in M(L) is solvable. 

Furthermore, L is definable by such a sentence in which no modular 
quantifier appears within the scope of another quantifier if and only if 
M(L) € DO and every group in M(L) is abelian. 


Let us illustrate this theorem with two examples. As already noted, 
our canonical example (o7)* has a syntactic monoid in which the J-class 
containing the idempotents ør and To is not a subsemigroup. Thus this 
language cannot be defined by a two-variable sentence in which the modular 
quantifiers appear outside the ordinary quantifiers. 
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Second, consider the language consisting of words over {0,7}, of the 
form wro*, where k > 0, and w contains an even number of occurrences 
of a. This is defined by the sentence 


JP mod 25(Q,2 A ay(z <yAQry); 


in which the modular quantifier appears outside the ordinary quantifier. 
The underlying set of the syntactic monoid M is 


Zo U (Zo x Zo). 


Words of the form o* are map to the element i mod 2. Words of the form 
wra", where w contains j occurrences of o are mapped to (j mod 2, k mod 
2). The multiplication in M is given by 

i+ j) mod 2, 

(i + j) mod 2, k), 

j, (k +i) mod 2), 

(j+ k+ j^) mod 2, k’). 


a j= 
i- (J, k) 

G k): i= 
(3,4) k’) 


The two J-classes have underlying sets Zə itself, and (Z2 x Z2) and the 
idempotents are 0,(0,0) and (1,1). Observe that this monoid is itself an 
orthodox semigroup. 

Once again, there is a connection to computational complexity: Koucky 
et.al. [11] show that the languages whose syntactic monoids are in DO and 
contain only abelian groups are precisely the regular languages recognized 
by ACC?” circuits with only a linear number of wires. 


(i 
( 
(j 
( 


4 Conclusion 


Problems about the expressive power of modular quantifiers with unre- 
stricted numerical predicates lie at the very edge of current knowledge about 
computational complexity. In all likeliehood, we are a long way from solving 
them. We have, however, been able to apply algebraic methods to obtain 
a thorough understanding of what happens when we use regular numer- 
ical predicates. This has led to large array of results that are deep and 
interesting in their own right, and provides valuable intuition about what 
is probably going on in the elusive general case. 
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Abstract 


We review, in a unified framework, translations from five dif- 
ferent logics—monadic second-order logic of one and two successors 
(S1S and $28), linear-time temporal logic (LTL), computation tree 
logic (CTL), and modal p-calculus (MC)—into appropriate models of 
finite-state automata on infinite words or infinite trees. Together with 
emptiness-testing algorithms for these models of automata, this yields 
decision procedures for these logics. The translations are presented in 
a modular fashion and in a way such that optimal complexity bounds 
for satisfiability, conformance (model checking), and realizability are 
obtained for all logics. 


1 Introduction 


In his seminal 1962 paper [17], Biichi states: “Our results [...] may there- 
fore be viewed as an application of the theory of finite automata to logic.” 
He was referring to the fact that he had proved the decidability of the 
monadic-second order theory of the natural numbers with successor func- 
tion by translating formulas into finite automata, following earlier work by 
himself [16], Elgot [35], and Trakthenbrot [122]. Ever since, the approach 
these pioneers were following has been applied successfully in many differ- 
ent contexts and emerged as a major paradigm. It has not only brought 
about a number of decision procedures for mathematical theories, for in- 
stance, for the monadic second-order theory of the full binary tree [100], 
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but also efficient algorithms for problems in verification, such as a highly 
useful algorithm for LTL model checking [124]. 

The “automata-theoretic paradigm” has been extended and refined in 
various aspects over a period of more than 40 years. On the one hand, the 
paradigm has led to a wide spectrum of different models of automata, specif- 
ically tailored to match the distinctive features of the logics in question, on 
the other hand, it has become apparent that there are certain automata- 
theoretic constructions and notions, such as determinization of automata on 
infinite words [85], alternation [90], and games of infinite duration [12, 54], 
which form the core of the paradigm. 

The automata-theoretic paradigm is a common thread that goes through 
many of Wolfgang Thomas’s scientific works. In particular, he has written 
two influential survey papers on this topic [118, 120]. 

In this paper, we review translations from five fundamental logics, mon- 
adic second-order logic of one successor function (S1S), monadic second- 
order logic of two successor functions (S2S), linear-time temporal logic 
(LTL), computation tree logic (CTL), and the modal p-calculus (MC) into 
appropriate models of automata. At the same time, we use these trans- 
lations to present some of the core constructions and notions in a unified 
framework. While adhering, more or less, to the chronological order as far as 
the logics are concerned, we provide modern translations from the logics into 
appropriate automata. We attach importance to present the translations in 
a modular fashion, making the individual steps as simple as possible. We 
also show how the classical results on S1S and S2S can be used to derive 
first decidability results for the three other logics, LTL, CTL, and MC, but 
the focus is on how more refined techniques can be used to obtain good 
complexity results. 

While this paper focuses on the translations from logics into automata, 
we refer the reader to the excellent surveys [118, 120] and the books [52, 96] 
for the larger picture of automata and logics on infinite objects and the 
connection with games of infinite duration. 


Basic notation and terminology 


Numbers. In this paper, the set of natural numbers is denoted w, and 
each natural number stands for the set of its predecessors, that is, n = 
{0,...,2— 1}. 

Words. An alphabet is a nonempty finite set, a word over an alphabet A 
is a function n > A where n € w for a finite word and n = w for an infinite 
word. When u: n — A is a word, then n is called its length and denoted 
|u|, and, for every i < n, the value u(i) is the letter of u in position i. The 
set of all finite words over a given alphabet A is denoted A*, the set of all 
infinite words over A is denoted A”, the empty word is denoted £, and At 


Automata: from logics to algorithms 631 


stands for A* \ {e}. 

When u is a word of length n and 7,7 E€ w are such that 0 < i,j < n, 

then uli, j] = u(z)...u(j), more precisely, uļi, j] is the word u’ of length 
max{j — i + 1,0} defined by u’(k) = u(i +k) for all k < |u’|. In the same 
fashion, we use the notation uli, j). When u denotes a finite, nonempty 
word, then we write u(*) for the last letter of u, that is, when |u| = n, then 
u(x) = u(n — 1). Similarly, when u is finite or infinite and i < |u|, then 
ult, x) denotes the suffix of u starting at position i. 
Trees. In this paper, we deal with trees in various contexts, and depending 
on these contexts we use different types of trees and model them in one way 
or another. All trees we use are directed trees, but we distinguish between 
trees with unordered successors and n-ary trees with named successors. 

A tree with unordered siblings is, as usual, a tuple ZY = (V, E) where V 
is a nonempty set of vertices and E C V x V is the set of edges satisfying 
the usual properties. The root is denoted root(7), the set of successors of 
a vertex v is denoted sucs? (v), and the set of leaves is denoted lvs(.7). 

Let n be a positive natural number. An n-ary tree is a tuple F = 
(V, suco, . . ., SUCn—1) where V is the set of vertices and, for every i < n, suc; 
is the ith successor relation satisfying the condition that for every vertex 
there is at most one ith successor (and the other obvious conditions). Every 
n-ary tree is isomorphic to a tree where V is a prefix-closed nonempty subset 
of n* and suc;(v,v’) holds for v,v’ € V iff vu’ = vi. When a tree is given 
in this way, simply by its set of vertices, we say that the tree is given in 
implicit form. The full binary tree, denoted in, is 2* and the full w-tree is 
w*. In some cases, we replace n in the above by an arbitrary set and speak 
of D-branching trees. Again, D-branching trees can be in implicit form, 
which means they are simply a prefix-closed subset of D*. 

A branch of a tree is a maximal path, that is, a path which starts at 
the root and ends in a leaf or is infinite. If an n-ary tree is given in implicit 
form, a branch is often denoted by its last vertex if it is finite or by the 
corresponding infinite word over n if it is infinite. 

Given a tree J and a vertex v of it, the subtree rooted at v is de- 
noted J |v. 

In our context, trees often have vertex labels and in some rare cases edge 
labels too. When L is a set of labels, then an L-labeled tree is a tree with a 
function l added which assigns to each vertex its label. More precisely, for 
trees with unordered successors, an L-labeled tree is of the form (V, Æ, 1) 
where l: V — E; an L-labeled n-ary tree is a tuple (V,suco,...,sucy,—1, L) 
where l: V — E; an L-labeled n-ary tree in implicit form is a function 
t: V — L where V C n* is the set of vertices of the tree; an L-labeled 
D-branching tree in implicit form is a function t: V — L where V C D* 
is the set of vertices of the tree. Occasionally, we also have more than one 
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vertex labeling or edge labelings, which are added as other components to 
the tuple. 

When 7 is an L-labeled tree and u is a path or branch of 7, then the 

labeling of u in Z, denoted 17 (u), is the word w over L of the length of u 
and defined by w(i) = [(u(z)) for all i < |u|. 
Tuple Notation. Trees, graphs, automata and the like are typically de- 
scribed as tuples and denoted by calligraphic letters such as 7, Y, and 
so on, possibly furnished with indices or primed. The individual compo- 
nents are referred to by V7, E%, E7’, .... The ith component of a tuple 
t = (co,...,Cr—1) is denoted pr;(t). 


2 Monadic second-order logic of one successor 


Early results on the close connection between logic and automata, such as 
the Biichi-Elgot-Trakhtenbrot Theorem [16, 35, 122] and Biichi’s Theorem 
[17], center around monadic second-order logic with one successor relation 
(S1S) and its weak variant (WS1S). The formulas of these logics are built 
from atomic formulas of the form suc(x, y) for first-order variables x and y 
and x € X for a first-order variable x and a set variable (monadic second- 
order variable) X using boolean connectives, first-order quantification (3x), 
and second-order quantification for sets (3X). The two logics differ in the 
semantics of the set quantifiers: In WS1S quantifiers only range over finite 
sets rather than arbitrary sets. 

S1S and WSIS can be used in different ways. First, one can think of them 
as logics to specify properties of the natural numbers. The formulas are 
interpreted in the structure with the natural numbers as universe and where 
suc is interpreted as the natural successor relation. The most important 
question raised in this context is: 


Validity. Is the (weak) monadic second-order theory of the natural numbers 
with successor relation decidable? (Is a given sentence valid in the natural 
numbers with successor relation?) 


A slightly more general question is: 


Satisfiability. Is it decidable whether a given (W)S1S formula is satisfiable 
in the natural numbers? 


This is more general in the sense that a positive answer for closed formu- 
las only already implies a positive answer to the first question. Therefore, 
we only consider satisfiability in the following. 

Second, one can think of S1S and WSIS as logics to specify the behavior 
of devices which get, at any moment in time, a fixed number of bits as input 
and produce a fixed number of bits as output (such as sequential circuits), 
see Figure 1. Then the formulas are interpreted in the same structure as 
above, but for every input bit and for every output bit there will be exactly 
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FIGURE 1. Sequential device 


one free set variable representing the moments in time where the respective 
bit is true. (The domain of time is assumed discrete; it is identified with 
the natural numbers.) A formula will then be true for certain input-output 
pairs—coded as variable assignments—and false for the others. 

For instance, when we want to specify that for a given device with one 
input bit, represented by the set variable X, and one output bit, represented 
by Y, it is the case that for every other moment in time where the input 
bit is true the output bit is true in the subsequent moment in time, we can 
use the following formula: 


Z(“Z contains every other position where X is true” ^ 
Va(a € Z — “the successor of x belongs to Y”)). 


That the successor of x belongs to Y is expressed by Vy(suc(z, y) > y € Y). 
That Z contains every other position where X is true is expressed by the 
conjunction of the three following conditions, where we assume, for the 
moment, that the “less than” relation on the natural numbers is available: 


e Z isa subset of X, which can be stated as Yz(x € Z > x € X), 


e If X is nonempty, then the smallest element of X does not belong to Z, 
which can be stated as Va(x € X AVy(y < z > ~y E€ X) > ~r € Z). 


e For all x,y € X such that x < y and such that there is no element of 
X in between, either x or y belongs to Z, which can be stated as 


Vaevy(m EXANYEXAT<YA 
Ve(u<zAz<y z E X)—> (we Zor aye Z)). 


To conclude the example, we need a formula that specifies that x is less than 
y. To this end, we express that y belongs to a set which does not contain x 
but with each element its successor: 


AX (nar € X AVW2'(z € X Asuc(z, 2’) >z E X)AyE X). 
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The most important questions that are raised with regard to this usage of 
(W)SI1S are: 


Conformance. Is it decidable whether the input-output relation of a given 
device satisfies a given formula? 


Realizability. Is it decidable whether for a given formula there exists a 
device with an input-output relation satisfying the formula (and if so, can 
a description of such a device be produced effectively)? 


Obviously, it is important what is understood by “device”. For instance, 
Church, when he defined realizability in 1957 [23], was interested in boolean 
circuits. We interpret device as “finite-state device”, which, on a certain 
level of abstraction, is the same as a boolean circuit. 

In this section, we first describe Biichi’s Theorem (Section 2.1), from 
which we can conclude that the first two questions, satisfiability and con- 
formance, have a positive answer. The proof of Btichi’s Theorem is not very 
difficult except for a result about complementing a certain type of automa- 
ton model for infinite words, which we then establish (Section 2.2). After 
that we prove a result about determinization of the same type of automaton 
model (Section 2.3), which serves as the basis for showing that realizabil- 
ity is decidable, too. The other ingredient of this proof, certain games of 
infinite duration, are then presented, and finally the proof itself is given 
(Section 2.4). 


2.1 Biuichi’s Theorem 


The connection of 51S and WS1S to automata theory, more precisely, to 
the theory of formal languages, is established via a simple observation. As- 
sume that y is a formula such that all free variables are set variables among 
Vo,---;Vm_—1, which we henceforth denote by y = (Vo, .-.-,Vm-1). Then 
the infinite words over [2],,, the set of all column vectors of height m with 
entries from {0,1}, correspond in a one-to-one fashion to the variable assign- 
ments a: {Vo,...,Vm—1} — 2”, where 2” stands for the power set of any 
set M. More precisely, for every infinite word u € [2]¥, let a, be the vari- 
able assignment defined by a,(V;) = {i < w: u(i)] = 1}, where, for every 
a € [2|m, the expression ajj) denotes entry j of a. Then a, ranges over all 
variable assignments as u ranges over all words in [2]”,. As a consequence, 
we use u = p, or, when “weak quantification” (only finite sets are consid- 
ered) is used, u =Y rather than traditional notation such as N, a H 
(where N stands for the structure of the natural numbers). Further, when 
y is a formula as above, we define two formal languages of infinite words 
depending on the type of quantification used: 


L(y) = {ue Bln: u E p}, L7 (p) = {ue B]: u E7 p}. 
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The initial state has an incoming edge without origin; final states are shown as 
double circles. 


FIGURE 2. Example for a Btichi automaton 


We say that defines the language -Z (y) and weakly defines the language 
L(y). Note that, for simplicity, the parameter m is not referred to in our 
notation. 

Biichi’s Theorem states that the above languages can be recognized by an 
appropriate generalization of finite-state automata to infinite words, which 
we introduce next. A Biichi automaton is a tuple 


A =(A,Q,Q1,4, F) 


where A is an alphabet, Q is a finite set of states, Q; C Q is a set of initial 
states, A C Q x Ax Q is a set of transitions of æ, also called its transition 
relation, and F C Q is a set of final states of 2. An infinite word u € A” is 
accepted by & if there exists an infinite word r € Q” such that r(0) € Qz, 
(r(i), u(i), r(i+1)) € A for every i, and r(i) € F for infinitely many 7. Such 
a word r is called an accepting run of æ% on u. The language recognized by 
æ, denoted Z (æ), is the set of all words accepted by æ. 

For instance, the automaton in Figure 2 recognizes the language corre- 
sponding to the formula 


Va(x € Vo > Jylz < y ^y € V1)), 


which says that every element from Vo is eventually followed by an element 
from Vı. In Figure 2, qr is the state where the automaton is not waiting 
for anything; qı is the state where the automaton is waiting for an element 
from Vı to show up; q2 is used when from some point onwards all positions 
belong to Vo and V;. Nondeterminism is used to guess that this is the case. 
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Biichi’s Theorem can formally be stated as follows. 
Theorem 2.1 (Biichi, [17]). 


1. There exists an effective procedure that given a formula y = 
y(Vo,---;Vm—1) outputs a Biichi automaton & such that L(A) = 


L(Y) 


2. There exists an effective procedure that given a Biichi automaton ~/ 
over an alphabet [2], outputs a formula y = y(Vo,...,Vin—1) such 
that L(y) = f(a). 


The proof of part 2 is straightforward. The formula which needs to 
be constructed simply states that there exists an accepting run of & on 
the word determined by the D to the variables V;. One way to 
construct y is to write it as 3Xo...J3Xn—-1ı%Y where each set variable X; 
corresponds exactly to one state of g and where w is a first-order formula 
(using < in addition to suc) which states that the X;’s encode an accepting 
run of the automaton (the X;’s must form a partition of w and the above 
requirements for an accepting run must be satisfied): 0 must belong to one 
of the sets X; representing the initial states; there must be infinitely many 
positions belonging to sets representing final states; the states assumed at 
adjacent positions must be consistent with the transition relation. 

The proof of part 1 is more involved, although the proof strategy is 
simple. The desired automaton is constructed inductively, following the 
structure of the given formula. First-order variables, which need to be dealt 
with in between, are viewed as singletons. The induction base is straightfor- 
ward and two of the three cases to distinguish in the inductive step are so, 
too: disjunction on the formula side corresponds to union on the automaton 
side and existential quantification corresponds to projection. For negation, 
however, one needs to show that the class of languages recognized by Büchi 
automata is closed under complementation. This is not as simple as with 
finite state automata, especially since deterministic Büchi automata are 
strictly weaker than nondeterministic ones, which means complementation 
cannot be done along the lines known from finite words. 

In the next subsection, we describe a concrete complementation con- 
struction. 

Buichi’s Theorem has several implications, which all draw on the follow- 
ing almost obvious fact. Emptiness for Butchi automata is decidable. This 
is easy to see because a Büchi automaton accepts a word if and only if 
in its transition graph there is a path from an initial state to a strongly 
connected component which contains a final state. (This shows that empti- 
ness can even be checked in linear time and in nondeterministic logarithmic 
space. ) 
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Given that emptiness is decidable for Büchi automata, we can state that 
the first question has a positive answer: 


Corollary 2.2 (Biichi, [17]). Satisfiability is decidable for S1S. 


Proof. To check whether a given S1S formula y = y(Vo,..., Vin—1) is satisfi- 
able one simply constructs the Biichi automaton which is guaranteed to exist 
by Buchi’s Theorem and checks this automaton for non-emptiness. Q.E.D. 


Observe that in the above corollary we use the term “satisfiability” to 
denote the decision problem (Given a formula, is it satisfiable?) rather than 
the question from the beginning of this section (Is it decidable whether ...). 
For convenience, we do so in the future too: When we use one of the terms 
satisfiability, conformance, or realizability, we refer to the corresponding 
decision problem. 

For conformance, we first need to specify formally what is meant by a 
finite-state device, or, how we want to specify the input-output relation of 
a finite-state device. Remember that we think of a device as getting inputs 
from [2]m and producing outputs from [2], for given natural numbers m 
and n. So it is possible to view an input-output relation as a set of infinite 
words over [2]m+4n- To describe an entire input-output relation of a finite- 
state device we simply use a nondeterministic finite-state automaton. Such 
an automaton is a tuple 


2 = (A, S, S1, A) 


where A is an alphabet, S is a finite set of states, S; C S is a set of initial 
states, and A C S x A x S is a transition relation, just as with Büchi 
automata. A word u € A” is accepted by 2 if there exists r € S” with 
r(0) € Sz and (r(i), u(t), r(i + 1)) € A for every i < w. The set of words 
accepted by 2, denoted (2), is the language recognized by 2. Observe 
that (2) is exactly the same as the language recognized by the Büchi 
automaton which is obtained from 2 by adding the set S as the set of final 
states. 

Conformance can now be defined as follows: Given an S1S formula 
p= o(Xo,.-.-,;Xm_1,Yo,---;Yn—1) and a finite-state automaton Y with 
alphabet [2]min, determine whether u | y for all u € Y (2). 

There is a simple approach to decide conformance. We construct a 
Biichi automaton that accepts all words u € (2) which do not satisfy the 
given specification y, which means we construct a Biichi automaton which 
recognizes £(Y)1 #(-y), and check this automaton for emptiness. Since 
Biichi’s Theorem tells us how to construct an automaton & that recognizes 
L (~g), we only need a construction which, given a finite-state automaton 
G and a Biichi automaton &, recognizes Y (A) L(Y). The construction 
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The product of a Biichi automaton & and a finite-state au- 
tomaton Y, both over the same alphabet A, is the Biichi 
automaton denoted <& x Y and defined by 


AX DG=(A,Qx S,Qr x S1,A,F x S) 
where 


A = {((q,s),a,(q',8')): (q,a, q’) € A” and (s,a,s’) € Aer, 


FIGURE 3. Product of a Biichi automaton with a finite-state automaton 


depicted in Figure 3, which achieves this, is a simple automata-theoretic 
product. Its correctness can be seen easily. 

Since we already know that emptiness is decidable for Biichi automata, 
we obtain: 


Corollary 2.3 (Biichi, [17]). Conformance is decidable for S1S. 


From results by Stockmeyer and Meyer [112, 111], it follows that the 
complexity of the two problems from Corollaries 2.2 and 2.3 is nonelemen- 
tary, see also [102]. 

Another immediate consequence of Biichi’s Theorem and the proof of 
part 2 as sketched above is a normal form theorem for $15 formulas. Given 
an arbitrary S15 formula, one uses part 1 of Biichi’s Theorem to turn it 
into an equivalent Biichi automaton and then part 2 to reconvert it to a 
formula. The proof of part 2 of Biichi’s Theorem is wee in such a way 
that a formula will emerge which is of the form 4V9...4V,-1~ where y% is 
without second-order quantification but uses <. Stick formulas are called 
existential S15 formulas. 


Corollary 2.4 (Biichi-Thomas, [17, 117]). Every S1S formula is equivalent 
to an existential S15 formula, moreover, one existential set quantifier is 
sufficient. 


To conclude this subsection we note that using the theory of finite au- 
tomata on finite words only, one can prove a result weaker than Buichi’s 
Theorem. In the statement of this theorem, automata on finite words are 
used instead of Biichi automata and the weak logic is used instead of the 
full logic. Moreover, one considers only variable assignments for the free set 
variables that assign finite sets only. The latter is necessary to be able to 
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describe satisfying assignments by finite words. Such a result was obtained 
independently by Btichi [16], Elgot [35], and Trakhtenbrot [122], preceding 
Buchi’s work on S15. 


2.2 Complementation of Biichi automata 


Büchi’s original complementation construction, more precisely, his proof of 
the fact that the complement of a language recognized by a Büchi automaton 
can also be recognized by a Biichi automaton, as given in [17], follows an 
algebraic approach. Given a Biichi automaton æ, he defines an equivalence 
relation on finite words which has 


1. only a finite number of equivalence classes and 


2. the crucial property that UV’ C L(A) or UV“ N L(A) = @ for all 
its equivalence classes U and V. 


Here, UV” stands for the set of all infinite words which can be written as 
UUQv v2... where u € U and v; € V for every i < w. To complete his proof 
Biichi only needs to show that 


(a) each set UV” is recognized by a Biichi automaton, 
(b) every infinite word over the given alphabet belongs to such a set, and 


(c) the class of languages recognized by Biichi automata is closed under 
union. 


To prove (b), Biichi uses a weak variant of Ramsey’s Theorem; (a) and (c) 
are easy to see. The equivalence relation Büchi defines is similar to Nerode’s 
congruence relation. For a given word u, he considers 


(i) all pairs (q,q’) of states for which there exists a path from q to q’ 
labeled u and 


(ii) all pairs (q,q’) where, in addition, such a path visits a final state, 


and he defines two nonempty finite words to be equivalent if they agree on 
these pairs. If one turns Biichi’s “complementation lemma” into an actual 
complementation construction, one arrives at a Biichi automaton of size 
29("") where n denotes the number of states of the given Biichi automaton. 

Klarlund [65] and Kupferman and Vardi [74] describe complementation 
constructions along the following lines. Given a Biichi automaton and 
a word u over the same alphabet, they consider the run DAG of & on u, 
which is a narrow DAG which contains exactly the runs of <& on u. Vertices 
in this run DAG are of the form (q,i) with q € Q and i € w and all runs 
where the ith state is q visit this vertex. They show that u is not accepted 
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by æ if and only if the run DAG can be split into at most 2n alternating 
layers of two types where within the layers of the first type every vertex 
has proper descendants which are labeled with nonfinal states and where 
within the layers of the second type every vertex has only a finite number 
of descendants (which may be final or nonfinal). This can easily be used 
to construct a Btichi automaton for the complement: It produces the run 
DAG step by step, guesses for each vertex to which layer it belongs, and 
checks that its guesses are correct. To check the requirement for the layers 
of the second type, it uses the Btichi acceptance condition. The size of 
the resulting automaton is 2°("!°8™), Optimizations lead to a construction 
with (0.97n)” states [46], while the best known lower bound is (0.76n)”, 
established by Yan [131]. For practical implementations of the construction 
by Kupferman and Vardi, see [55]. 

In Section 2.2.2, we describe a complementation construction which is 
a byproduct of the determinization construction we explain in Section 2.3. 
Both constructions are based on the notion of reduced acceptance tree, 
introduced by Muller and Schupp [91] and described in what follows. 


2.2.1 Reduced acceptance trees 
Recall the notation and terminology with regard to binary trees introduced 
in Section 1. 

Let & be a Biichi automaton as above, u an infinite word over the alpha- 
bet A. We consider a binary tree, denoted .%,, which arranges all runs of 2 
on u in a clever fashion, essentially carrying out a subset construction that 
distinguishes between final and nonfinal states, see Figure 4 for a graphical 
illustration. 

The tree J, is given as lą: V, — 2° in implicit form and defined induc- 
tively as follows. 


(i) € € V, and ly (£) = Qr. 


(ii) Let v € Va, Q’ = la (v), a = u(|v|), and Q” = U{A(q, a): q E Q’}. 
Here and later, we use A(q,a) to denote {q' € Q: (q,a, q') € A}. 


e If Q” N F Æ Ø, then v0 € V, and l (v0) = Q” NF. 
e If Q” \ F#@, then vl € V, and lu (v1) = Q” \ F. 


The resulting tree is called the run tree of u with respect to &/. 

A partial run of & on u is a word r € QT U Q” satisfying r(0) € Qz and 
(r(i) u(t), r(¢ + 1)) € A for all ¢ such that i+ 1 < |r|. A run is an infinite 
partial run. 

Every partial run r of & on u determines a path b in the run tree: The 
length of b is |r| — 1 and b(i) = 0 if r(i + 1) € F and b(t) = 1 otherwise, 
for i < |r| —1. We write r|] for this path and call it the 2-projection of r. 


Automata: from logics to algorithms 641 


. % \ 

_ 4 \ 
LN JN 

a eS ae. 

i if g T 
\ \ 


Depicted are the run tree and the reduced run 
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tional convenience we only list their elements. 
FIGURE 4. Run tree and reduced run tree 


Clearly, if r is an accepting run of æ on u, then r|| has infinitely many left 
turns, where a left turn is a vertex which is a left successor. Conversely, if 
b is an infinite branch of %,, then there exists a run r of & on u such that 
r|| = b, and if b has infinitely many left turns, then r is accepting. This 
follows from Ko6nig’s lemma. 


From this, we can conclude: 


Remark 2.5. An infinite word u is accepted by a Büchi automaton æ% if 
and only if its run tree has a branch with an infinite number of left turns. 
We call such a branch an acceptance witness. 


The tree %, has two other interesting properties, which we discuss next. 
The first one is that Z, has a “left-most” acceptance witness, provided there 
is one at all. This acceptance witness, denoted 6,, can be constructed as 
follows. Inductively, assume b„(i) has already been defined for alli < nina 
way such that there is an acceptance witness with prefix b’ = b,,(0)...by(n— 
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1). If there is an acceptance witness with prefix b'O, we set b,(n) = 0. 
Otherwise, there must be an acceptance witness with prefix b'l, and we 
set b(n) = 1. Clearly, this construction results in an acceptance witness. 
One can easily prove that b, is the left-most acceptance witness in the 
sense that it is minimal among all acceptance witnesses with respect to the 
lexicographical ordering (but we do not need this here). 

The second interesting property says something about the states occur- 
ring to the left of b,. We say a state q is persistent in a vertex v of a branch 
b of Z, if there is a run r of & on u such that r|} = b and q € r(|v]), 
in other words, q is part of a run whose 2-projection contains v. A word 
v € {0,1}* is said to be left of a word w € {0,1}*, denoted v <i w, if 
|u| = |w| and v <jex w, where <jex denotes the lexicographical ordering. 
The crucial property of b,, is: 


Lemma 2.6. Let u be an infinite word accepted by a Biichi automaton &, 
w a vertex on the left-most acceptance witness b,,, and q a state which is 
persistent in w on bu. Then q ¢ lu(v) for every v € Vu such that v <ir w. 


Proof. Assume that w is a vertex on b, and that v € V, is left of w, let 
n = |v| (= |w|). For contradiction, assume q is persistent in w on bu and 
q € lu(v) Oly (w). Since q € lu(v), we know there is a partial run r of æ on 
u with r|| =v and r(n) =q. 

Since q is persistent in w on b, there exists a run r’ of & on u such 
that r’|| = bu and r’/(n) = q. Then r’[n,oo) is an uninitialized run of 
Æ on uln,oco) starting with q, where an uninitialized run is one where 
it is not required that the first state is the initial state. This implies that 
r” = rr'(n, oo) is a run of Y on u. Moreover, r(i) = r” (i) for all i > n, which 
implies r” || is an acceptance witness, too. Let c be the longest common 
prefix of r”|| and bu. We know that cO <pre r”|| and cl <pre bu, which 
is a contradiction to the definition of b,,—recall that r’’|| is an acceptance 
witness. Q.E.D. 


The above fact can be used to prune %, in such a way that it has finite 
width, but still contains an acceptance witness if and only if u is accepted 
by . We denote the pruned tree by Z’, write it as l: Vi — 2°), and 
call it the reduced acceptance tree. Informally, Z’ is obtained from %, by 
keeping on each level only the first occurrence of a state, reading the level 
from left to right, see Figure 4. Formally, the reduced acceptance tree is 
inductively defined as follows. 


(i) e € V} and l (e€) = Qr. 


(ii) Let v € Vy, Q' = (v), a = u(lv|), and Q” = U{A(g, a): ¢ € Q}, 
just as above. Assume l, (w) has already been defined for w <jg, v0 
and let Q = U{l/, (w): w € V} and w <p vO}. 
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© If Q’NF\Q#2, then v0 € V! and U,(v0) = Q”NF\ Q. 
e If Q” \ (FUQ) Z Ø, then vl € V? and U’,(vl) = Q” \ (FUQ). 


As a consequence of Lemma 2.6, we have: 


Corollary 2.7. Let æ be a Büchi automaton and u an infinite word over 
the same alphabet. Then u € Y (A) iff Zi contains an acceptance witness. 


Since Jl is a tree of width at most |Q|, it has at most |Q| infinite 
branches. So u is not accepted by æ if and only if there is some number n 
such that b(i) is not a left turn for all infinite branches b of Z/. This fact 
can be used to construct a Biichi automaton for the complement language, 
as is shown in what follows. 


2.2.2 The complementation construction 
Let n be an arbitrary natural number and vo <q U1 <ift --- <1ft Ur—1 be 
such that {vo,...,Ur-i} = {v € VJ: |v] = n}, that is, vo,...,Ur—1 is the 
sequence of all vertices on level n of Zf, from left to right. We say that 
l (vg)... U,(vp—1), which is a word over the alphabet 2°, is slice n of Z. 
It is straightforward to construct slice n + 1 from slice n, simply by 
applying the transition relation to each element of slice n and removing 
multiple occurrences of states just as with the construction of Zf. Suppose 
Qo... Qr—1 is slice n and a = u(n). Let Qo,...,Qb,_1 be defined by 


Qo; = A(Qi,a) N F \ Qi, Qoi41 = A(Qi, a) \ (FUQi), 


where Q; = Uj; <2; Qj. Further, let jo < jı < +++ < js—1 be such that 
{jo,---,Jjs-1} = {j < 2r: Q}; # Ø}. Then Qh -Qj isslicen+1 of Fi. 
This is easily seen from the definition of the reduced run tree. 

We say that a tuple U = Qo... Qr—1 is a slice over Q if 9 4 Q; CQ 
holds for i < r and if Q; N Q; = Ø for all i,j < r with i 4 j. The sequence 
Qio --- Q}, from above is said to be the successor slice for U and a and is 
denoted by dsic(Qo --- Qr—1, @). 

The automaton for the complement of Y(./), denoted ©, works as 
follows. First, it constructs slice after slice as it reads the given input word. 
We call this the initial phase. At some point, it guesses 


(i) that it has reached slice n or some later slice, with n as described right 
after Corollary 2.7, and 


(ii) which components of the slice belong to infinite branches. 


The rest of its computation is called the repetition phase. During this phase 
it carries out the following process, called verification process, over and 
over again. It continues to construct slice after slice, checking that (i) the 
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components corresponding to vertices on infinite branches all continue to 
the right (no left turn anymore) and (ii) the components corresponding to 
the other branches die out (do not continue forever). The newly emerging 
components corresponding to branches which branch off to the left from 
the vertices on the infinite branches are marked. As soon as all branches 
supposed to die out have died out, the process starts all over again, now 
with the marked components as the ones that are supposed to die out. 

To be able to distinguish between components corresponding to infi- 
nite branches, branches that are supposed to die out, and newly emerging 
branches, the components of the slice tuples are decorated by inf, die, or 
new. Formally, a decorated slice is of the form (Qo...Q,r—1, fo.-- fr—1) 
where Qo... Qr-1 is a slice and f; € {inf, die, new} for i < r. A decorated 
slice where f; # die for all i < r is called final. 

The definition of the successor of a decorated slice is slightly more in- 
volved than for ordinary slices, and such a successor may not even exist. 
Assume a decorated slice as above is given, let V stand for the entire slice 
and U for its first component (which is an ordinary slice). Let the Q‘’s and 
Ji's be defined as above. The successor slice of V with respect to a, denoted 
da(V,a), does not exist if there is some 7 < r such that Q5,,, = Ø and 
fi = inf, because this means that a branch guessed to be infinite and with- 
out left turn dies out. In all other cases, da(V,@) = (dsic(U, a), fj, --- Fisa) 
where the f;’s are defined as follows, depending on whether the automaton 
is within the verification process (V is not final) or at its end (V is final): 


Slice V is not final. Then f3 = f:41 = fi for every i < r, except when 
fi = inf. In this case, fl; = new and fai = fi. 


Slice V is final. Then fj; = f3;,,; = die for every i < r, except when 
fi = inf. In this case, f3;}1 = inf and f}; = die. 


These choices reflect the behavior of the automaton as described above. 

To describe the transition from the first to the second phase formally, 
assume U is a slice and a € A. Let A,(U,a) contain all decorated slices 
(6sic(U, a), fo --- fs—1) where f; € {inf, die} for i < s. This reflects that the 
automaton guesses that certain branches are infinite and that the others are 
supposed to die out. The full construction of © as outlined in this section 
is described in Figure 5. A simple upper bound on its number of states is 
(3n)”. 


Using LE to denote the complement of a language, we can finally state: 


Theorem 2.8. Let æ be a Biichi automaton with n states. Then & isa 
Biichi automaton with (3n)” states such that Z(W/°) = L(A). 
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Let & be a Biichi automaton. The Biichi automaton € is 
defined by 


AS = (A, QUQI, Qr, A’, F’) 
where the individual components are defined as follows: 


Q? = set of slices over Q, 
Q? = set of decorated slices over Q, 
F’ = set of final decorated slices over Q, 


and where for a given a € A the following transitions belong 
to A’: 


e (U, a, dsic(U, a)) for every U € Q5, 
e (U,a,V) for every U € Q§ and V € A,(U,a), 


e (V,a, ôa(V,a)) for every V € Q, provided da(V, a) is 
defined. 


FIGURE 5. Complementing a Biichi automaton 


2.3 Determinization of Biichi automata 


As noted above, determinstic Biichi automata are strictly weaker than non- 
deterministic ones in the sense that there are w-languages that can be recog- 
nized by a nondeterministic Biichi automaton but by no deterministic Büchi 
automaton. (Following classical terminology, a Biichi automaton is called 
deterministic if |Q;| = 1 and there is a function 6: Q x A — Q such that 
A = {(q,a,ô(q,a)):a E AAg E€ Q}.) It turns out that this is due to the 
weakness of the Büchi acceptance condition. When a stronger acceptance 
condition—such as the parity condition—is used, every nondeterministic 
automaton can be converted into an equivalent deterministic automaton. 
The determinization of Biichi automata has a long history. After a 
flawed construction had been published in 1963 [89], McNaughton, in 1966 
[85], was the first to prove that every Biichi automaton is equivalent to a de- 
terministic Muller automaton, a model of automata on infinite words with 
an acceptance condition introduced in Muller’s work. In [43, 42], Emer- 
son and Sistla described a determinization construction that worked only 


646 M. Y. Vardi, Th. Wilke 


for a subclass of all Biichi automata. Safra [105] was the first to describe 
a construction which turns nondeterministic Biichi automata into equiva- 
lent deterministic Rabin automata—a model of automata on infinite words 
with yet another acceptance condition—which has optimal complexity in 
the sense that the size of the resulting automaton is 2°(!°8™ and one can 
prove that this is also a lower bound [86]. In 1995, Muller and Schupp [91] 
presented a proof of Rabin’s Theorem via an automata-theoretic construc- 
tion which has an alternative determinization construction with a similar 
complexity built-in; Kahler [76] was the first to isolate this construction, see 
also [1]. Kahler [76] also showed that based on Emerson and Sistla’s con- 
struction one can design another determinization construction for all Büchi 
automata which yields automata of size 2°18”), too. In 2006, Piterman 
[97] showed how Safra’s construction can be adapted so as to produce a 
parity automaton of the same complexity. 

The determinization construction described below is obtained by apply- 
ing Piterman’s improvement of Safra’s construction to Muller and Schupp’s 
determinization construction. We first introduce parity automata, then 
continue our study of the reduced acceptance tree, and finally describe the 
determinization construction. 


2.3.1 Parity automata 

A parity automaton is very similar to a Btichi automaton. The only differ- 
ence is that a parity automaton has a more complex acceptance condition, 
where every state is assigned a natural number, called priority, and a run 
is accepting if the minimum priority occurring infinitely often (the limes 
inferior) is even. States are not just accepting or rejecting; there is a whole 
spectrum. For instance, when the smallest priority is even, then all states 
with this priority are very similar to accepting states in Biichi automata: If 
a run goes through these states infinitely often, then it is accepting. When, 
on the other hand, the smallest priority is odd, then states with this prior- 
ity should be viewed as being the opposite of an accepting state in a Butchi 
automaton: If a run goes through these states infinitely often, the run is 
not accepting. So parity automata allow for a finer classification of runs 
with regard to acceptance and rejection. 

Formally, a parity automaton is a tuple 


A = (A, Q, Q1, A, T) 


where A, Q, Qr, and A are as with Büchi automata, but 7 is a function 
Q — w, which assigns to each state its priority. Given an infinite sequence 
r of states of this automaton, we write val, (r) for the limes inferior of the 
sequence m(r(0)),r(r(1)),... and call it the value of the run with respect 
to m. Since Q is finite, the value of each run is a natural number. A run 
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FIGURE 6. Deterministic parity automaton. The values in the circles next 
to the names of the states are the priorities. 


r of & is accepting if its value is even. In other words, a run r of & is 
accepting if there exists an even number v and a number k such that 


(i) x(r(j)) > v for all j > k and 
(ii) a(r(j)) = v for infinitely many j > k. 


Consider, for example, the parity automaton depicted in Figure 6. It 
recognizes the same language as the Biichi automaton in Figure 2. 

As far as nondeterministic automata are concerned, Biichi automata 
and parity automata recognize the same languages. On the one hand, every 
Biichi automaton can be viewed as a parity automaton where priority 1 is 
assigned to every non-final state and priority 0 is assigned to every final 
state. (That is, the parity automaton in Figure 6 can be regarded as a 
deterministic Biichi automaton.) On the other hand, it is also easy to 
see that every language recognized by a parity automaton is recognized by 
some Büchi automaton: The Büchi automaton guesses a run of the parity 
automaton and an even value for this run and checks that it is indeed the 
value of the run. To this end, the Büchi automaton runs in two phases. In 
the first phase, it simply simulates the parity automaton. At some point, it 
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Let & be a parity automaton. The Biichi automaton AP" 
is defined by 


AP™ = (A,QUQ x E,Qr, AUA, {(q,k): (4) = k}) 
where E = {r (q): q € QA T(q) mod 2 = 0} and A’ contains 


e (g,a,(q',k)) for every (g,a,q’) € A, provided k € E, 
and 


e ((¢,k),a,(q',k)) for every (g,a,q') E A, provided 
n(q') > kand k E€ E. 


FIGURE 7. From parity to Büchi automata 


concludes the first phase, guesses an even value, and enters the second phase 
during which it continues to simulate the parity automaton but also verifies 
(i) and (ii) from above. To check (i), the transition relation is restricted 
appropriately. To check (ii), the Büchi acceptance condition is used. This 
leads to the construction displayed in Figure 7. The state space has two 
different types of states: the states from the given Büchi automaton for the 
first phase and states of the form (q, k) where q € Q and k is a priority for 
the second phase. The priority in the second component never changes; it 
is the even value that the automaton guesses. 


Remark 2.9. Let æ% be a parity automaton with n states and k different 
even priorities. Then the automaton AP®™ is an equivalent Büchi automaton 
with (k + 1)n states. 


2.3.2 Approximating reduced run trees 
Let & be a Biichi automaton as above and u € A” an infinite word. The 
main idea of Muller and Schupp’s determinization construction is that the 
reduced acceptance tree, Z’, introduced in Section 2.2.1, can be approx- 
imated by a sequence of trees which can be computed by a deterministic 
finite-state automaton. When these approximations are adorned with addi- 
tional information, then from the sequence of the adorned approximations 
one can read off whether there is an acceptance witness in the reduced 
acceptance tree, which, by Remark 2.5, is enough to decide whether u is 
accepted. 

For a given number n, the nth approximation of .7/, denoted 7%”, is the 
subgraph of Z! which consists of all vertices of distance at most n from the 
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root and which are on a branch of length at least n. Only these vertices can 
potentially be on an infinite branch of Fj. Formally, Z? is the subtree of 
J| consisting of all vertices v € V/ such that there exists w € V! satisfying 
V prf w and |w| = n, where <prf denotes the prefix order on words. 

Note that from Lemma 2.6 we can conclude: 


Remark 2.10. When u is accepted by æ, then for every n the prefix of 
length n of b, is a branch of Fr. 


The deterministic automaton to be constructed will observe how ap- 
proximations evolve over time. There is, however, the problem that, in 
general, approximations grow as n grows. But since every approximation 
has at most |Q] leaves, it has at most |Q| — 1 internal vertices with two 
successors—all other internal vertices have a single successor. This means 
that their structure can be described by small trees of bounded size, and 
only their structure is important, except for some additional information of 
bounded size. This motivates the following definitions. 

A segment of a finite tree is a maximal path where every vertex except 
for the last one has exactly one successor, that is, it is a sequence vp... Ur 
such that 


(i) the predecessor of vp has two successors or vo is the root, 
(ii) v; has exactly one successor for i < r, and 
(iii) v, has exactly two successors or is a leaf. 


Then every vertex of a given finite tree belongs to exactly one segment. 

A contraction of a tree is obtained by merging all vertices of a segment 
into one vertex. Formally, a contraction of a finite tree Y in implicit form 
is a tree @ together with a function c: V7 — VÝ, the contraction map, 
such that the following two conditions are satisfied: 


(i) Forallv,w € V7, c(v) = c(w) iff v and w belong to the same segment. 


When p is a segment of J and v one of its vertices, we write c(p) for 
c(v) and we say that c(v) represents p. 


(ii) For all v € V7 andi < 2, if vi € V7 and c(v) ¥ c(vi), then 
suc? (c(v), c(vi)). 


Note that this definition can easily be adapted to the case where the given 
tree is not in implicit form. 

We want to study how approximations evolve over time. Clearly, from 
the nth to the (n+ 1)st approximation of J? segments can disappear, sev- 
eral segments can be merged into one, new segments of length one can 
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emerge, and segments can be extended by one vertex. We reflect this in 
the corresponding contractions by imposing requirements on the domains 
of consecutive contractions. 

A sequence @,@,,... of contractions with contraction maps co, C1,... 
is a contraction sequence for u if the following holds for every n: 


(i) Ga is a contraction of the nth approximation of Z. 


(ii) Let p and p' be segments of 7,” and 7,"*1, respectively. If p is a 
prefix of p’ (including p = p’), then ¢n11(p’) = cn(p) and p’ is called 
an extension of pin n+ 1. 


(iii) If p’ is a segment of %"*! which consists of vertices not belonging 
to Z, then cn+1(p') ¢ V, where V® denotes the set of vertices of 
Cn. 


Since we are interested in left turns, we introduce one further notion. As- 
sume that p and p’ are segments of Z” and 7,”*1, respectively, and p is a 
prefix of p’, just as in (ii) above. Let p” be such that p' = pp”. We say that 
Cn+1(p’) (which is equal to c,(p)) is left extending in n + 1 if there is a left 
turn in p”. 


For a graphical illustration, see Figure 8. 


We can now give a characterization of acceptance in terms of contraction 
sequences. 


Lemma 2.11. Let @,@,... be a contraction sequence for an infinite word 
u with respect to a Biichi automaton <. Then the following are equivalent: 


(A) & accepts u. 
(B) There is a vertex v such that 


(a) v e V for almost all n and 


(b) v is left extending in infinitely many n. 


Proof. For the implication from (A) to (B), we start with a definition. We 
say that a segment p of the nth approximation is part of b„, the left-most 
acceptance witness, if there are paths pp and pı such that buy = poppi. We 
say a vertex v represents a part of b, if there exists 7 such that for all j > i 
the vertex v belongs to V® and the segment represented by v is part of by. 
Observe that from Remark 2.10 we can conclude that the root of @ is such 
a vertex (where we can choose i = 0). Let V be the set of all vertices that 
represent a part of b, and assume i is chosen such that v € VŽ for all j > i 
and all v € V. Then all elements from V form the same path in every @; 
for j > i, say U9...U, is this path. 
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Depicted is the beginning of the contraction sequence for u = bbaaab... with 
respect to the automaton from Figure 4. Note that, just as in Figure 4, we simply 
write q; for {qi}. 


FIGURE 8. Contraction sequence 
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If the segment representing v, is infinitely often extended, it will also be 
extended by a left turn infinitely often (because b,, is an acceptance witness), 
so Ur will be left extending in infinitely many i. 

So assume that v, is not extended infinitely often and let i’ > i be 
such that the segment represented by vr is not extended any more for j > 
i’. Consider G41. Let v’ be the successor of v, such that the segment 
represented by v’ is part of bu, which must exist because of Remark 2.10. 
Clearly, for the same reason, v’ will be part of V® for j > i/ + 1, hence 
v’ € V—a contradiction. 

For the implication from (B) to (A), let v be a vertex as described in (B), 
in particular, let i be such that v € V® for all j > i. For every j > i, let pf 
be the segment represented by v in @;. Since pi Sprt pt1 Sprf pit? oar eee 
we know there is a vertex w such that every p’, for j > i, starts with w. 
Since the number of left turns on the p’’s is growing we know there is an 
infinite path d starting with w such that pi <pre d for every j > i and 
such that d is a path in JZ; with infinitely many left turns. The desired 
acceptance witness is then given by the concatenation of the path from the 
root to w, the vertex w itself excluded, and d. Q.E.D. 


2.3.3 Muller—Schupp trees 

The only thing which is left to do is to show that a deterministic finite-state 
automaton can construct a contraction sequence for a given word u and 
that a parity condition is strong enough to express (2.11) from Lemma 2.11. 
It turns out that when contractions are augmented with additional infor- 
mation, they can actually be used as the states of such a deterministic 
automaton. This leads us to the definition of Muller—Schupp trees. 

Before we get to the definition of these trees, we observe that every 
contraction has at most |Q] leaves, which means it has at most 2|Q| — 1 
vertices. From one contraction to the next in a sequence of contractions, at 
most |Q| new leaves—and thus at most |Q| new vertices—can be introduced. 
In other words: 


Remark 2.12. For every infinite word u, there is a contraction sequence 
bo, Ga... such that VŽ: C V for every i for the same set V with 3|Q| 
vertices, in particular, V = {0,...,3]Q| — 1} works. 


A Muller-Schupp tree for & is a tuple 
M = (C, la, li, R, h) 
where 
e @ is a contraction with V® C {0,...,3|Q|— 1}, 


e 1,: lvs(@) — 2° is a leaf labeling, 
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e lı: VĒ — {0,1,2} is a left labeling, 


e RE {0,...,3]Q| — 1}* is a latest appearance record, a word without 
multiple occurrences of letters, and 


e h < |R] is the hit number. 


To understand the individual components, assume 6p, 64,... is a contrac- 
tion sequence for u with V® C {0,...,3|Q| — 1} for every n. (Recall that 
Remark 2.12 guarantees that such a sequence exists.) The run of the deter- 
ministic automaton on u to be constructed will be a sequence %,M%,... 
of Muller-Schupp trees Mn = (Gn, lg, 17, R”, h”), such that the following 
conditions are satisfied, where cn» denotes the contraction map for Gn: 
Leaf labeling. For every n and every leaf v € lvs(.%"), the labeling of v will 
be the same as the labeling of the vertex of the segment representing the 
segment of this leaf, that is, lọ (cn(v)) = U,(v). 


Left labeling. For every n and every v € V®: 
(i) if v represents a segment without left turn, then ln(v) = 0, 
(ii) if v is left extending in n, then l? (v) = 2, and 
(iii) I? (v) = 1 otherwise. 


Clearly, this will help us to verify (b) from Lemma 2.11(2.11). 


Latest appearance record. The latest appearance record R” gives us the 
order in which the vertices of Gn have been introduced. To make this more 
precise, for every n and v € V®", let 


da (v) = min{i: v € V® for all j such that i < j < n} 


be the date of introduction of v. Then R” is the unique word v0... U;—1 
over V®" without multiple occurrences such that 


e {v9,..-,Up-1} =V™, 


e either dn(vj) = dn(vk) and vj < vp or dn(vj) < dn(vk), for all j and 
k such that j < k <r. 


We say that v € V® has index j if R” (j) = v. 

Hit number. The hit number h” gives us the number of vertices whose 
index has not changed. Let R” = vo ...Ur—1ı as above. The value h” is the 
maximum number < r such that d,(v;) < n for j < h. In other words, the 


hit number gives us the length of the longest prefix of R” which is a prefix 
of RT, 
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We need one more definition before we can state the crucial property 
of Muller-Schupp trees. Let @ be any Muller-Schupp tree as above and 
m the minimum index of a vertex with left labeling 2 (it is left extending). 
If such a vertex does not exist, then, by convention, m = n. We define 
n( M), the priority of M, as follows. If m < h, then 7(.W) = 2m, and else 
T(M) = 2h +1. 


Lemma 2.13. Let & be a Biichi automaton, u a word over the same 
alphabet, and .@,-@,... a sequence of Muller-Schupp trees satisfying the 
above requirements (leaf labeling, left labeling, latest appearance record, hit 
number). Let p° = val, (oMi ...), that is, the smallest value occurring 
infinitely often in 7(-%@)m(.M@,).... Then the following are equivalent: 


(A) & accepts u. 
(B) p° is even. 


Proof. For the implication from (A) to (B), let v be a vertex as guaranteed 
by (B) in Lemma 2.11. There must be some n and some number i such that 
v = RG) = RG) =... and R" 0,7] = R”+t![0,i] = .... This implies 
hd > i for all j > n, which means that if pf is odd for some j > n, then 
p) > 2i. In addition, since v is left extending for infinitely many j, we have 
p) < 2i and even for infinitely many j. Thus, p® is an even value (less than 
or equal to 2%). 

For the implication from (B) to (A), assume that p° is even and n is 
such that pî > p® for all j > n. Let n! > n be such that p™ = p% 
and let v be the vertex of Gw’ which gives rise to p” (left extending with 
minimum index). Then v € V® for all j > n’ and v has the same index in 
all these 6}. That is, whenever p = p® for j > n’, then v is left extending. 
So (B) from Lemma 2.11 is satisfied and we can conclude that u is accepted 
by &. Q.E.D. 


2.3.4 The determinization construction 
In order to arrive at a parity automaton, we only need to convince our- 
selves that a deterministic automaton can produce a sequence Mo, M%,... 
as above. We simply describe an appropriate transition function, that is, 
we assume a Muller-Schupp tree .@ and a letter a are given, and we de- 
scribe how .@’ is obtained from æ such that if M = Mna and a = u(n), 
then “& = Mn+1. This is, in principle, straightforward, but it is somewhat 
technical. One of the issues is that during the construction of %4’ we have 
trees with more than 3 |Q| vertices. This is why we assume that we are also 
given a set W of 2|Q| vertices disjoint from {0,...,3/Q|— 1}. 

A Muller-Schupp tree .@’ is called an a-successor of .@ if it is obtained 
from @ by applying the following procedure. 
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(i) Let View = {0,...,3 Q|- 1} \ VŽ. 
(ii) To each leaf v, add a left and right successor from W. 
Let wo,...,W2r—1 be the sequence of these successors in the order 
from left to right. 
(iii) For i = 0 to r — 1, do: 
(a) Let v be the predecessor of wz; and Q’ = I(wo) U- -- Ul(wai-1). 
(b) Set la(wzi) = A(,(v),a) A F \ Q' and 14(woie1) = Alla), a) \ 
(FUQ)). 
(c) Set Iq(wai) = 2 and Iq(wai41) = 0. 
(iv) Remove the leaf labels from the old leaves, that is, make J, unde- 
fined for the predecessors of the new leaves. Mark every leaf which 


has label @. Recursively mark every vertex whose two successors are 
marked. Remove all marked vertices. 


(v) Replace every nontrivial segment by its first vertex, and set its left 
labeling to 
(a) 2 if one of the other vertices of the segment is labeled 1 or 2, 
(b) 0 if each vertex of the segment is labeled 0, and 


(c) 1 otherwise. 
(vi) Replace the vertices from W by vertices from Vnew- 


(vii) Let Ro be obtained from R by removing all vertices from ve \ ve 
from R and let Rı be the sequence of all elements from V \ V 
according to the order < on V. Then R’ = Ro Rj. 


(viii) Let h’ < |R| be the maximal number such that R(i) = R’ (i) for all 
ae 


The full determinization construction is given in Figure 9. Summing up, we 
can state: 


Theorem 2.14. (McNaughton-Safra-Piterman, [17, 105, 97]) Let W be a 
Biichi automaton with n states. Then /%* is an equivalent deterministic 
parity automaton with 2°("!°s”) states and 2n + 1 different priorities. 


Proof. The proof of the correctness of the construction described in Figure 9 
is obvious from the previous analysis. The claim about the size of the re- 
sulting automaton can be established by simple counting arguments. Q.E.D. 
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Let & be a Biichi automaton. The deterministic parity au- 
tomaton ./4* is defined by 


tet = (A, M, Mr, 6,7) 
where 
e M is the set of all Muller—Schupp trees over Q, 


e lı is the Muller-Schupp tree with just one vertex and 
leaf label Qz, 


e ô is such that 6(.@,a) is an a-successor of .@ (as de- 
fined above), and 


e 7 is the priority function as defined for Muller-Schupp 
trees. 


FIGURE 9. Determinization of a Büchi automaton 


The previous theorem enables us to determine the expressive power of 
WSIS: 


Corollary 2.15. There exists an effective procedure that given an S15 
formula y = y(Vo,..-;Vm—1) produces a formula w such that Z(Y) = 
Z“ (p). In other words, every S1S formula is equivalent to a WS1S formula. 


Sketch of proof. Given such a formula y, one first uses Btichi’s Theorem to 
construct a Biichi automaton æ% such that 2(y) = L(x). In a second 
step, one converts æ% into an equivalent deterministic parity automaton Z&, 
using the McNaughton-Safra—Piterman Theorem. The subsequent step is 
the crucial one. Assume Q’ = {qo,.--,@n—1} and, for every u €E [2]%,, let ru 
be the (unique!) run of Z on u. For every i < n, one constructs a formula 
pi = vila) such that u,j H Yi(x) if and only if ru(j) = qi for u € [2]%, 
and j € w. These formulas can be built as in the proof of part 2 of Biichi’s 
Theorem, except that one can restrict the sets X; to elements < j, so weak 
quantification is enough. Finally, the formulas y;(a) are used to express 
acceptance. Q.E.D. 


2.4 The Bichi-Landweber Theorem 


The last problem remaining from the problems listed at the beginning of 
this section is realizability, also known as Church’s problem [23, 24]. In our 
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context, it can be formalized more precisely as follows. 

For letters a € [2] and b € [2]n, we define a^b € [2] min by (a7b) pj = 
ajj for i < m and aM by = bm for i with m < i < m+n. Similarly, when 
u and v are words of the same length over [2]°° and [2]°°, respectively, then 
u^v is the word over [2]m+n with the same length defined by (u^v)(i) = 
u(i) v(2) for all i < |u|. Realizability can now be defined as follows: Given 
a formula 


g= p(Xo, ag , Xm-1, Yo, . a Yasi 


determine whether there is a function f: [2]}, — [2], such that u^v = » 
holds for every u € [2]¥, and v € [2]? defined by v(i) = f(uf0, i]). 

Using the traditional terminology for decision problems, we say that ọ is 
an instance of the realizability problem, f is a solution if it has the desired 
property, and ¢ is a positive instance if it has a solution. 

Observe that the function f represents the device that produces the 
output in Figure 1: After the device has read the sequence ag...a, of bit 
vectors (with m entries each), it outputs the bit vector f(ap...a,) (with n 
entries). 

In the above definition of realizability, we do not impose any bound on 
the complexity of f. In principle, we allow f to be a function which is not 
computable. From a practical point of view, this is not very satisfying. A 
more realistic question is to ask for a function f which can be realized by a 
finite-state machine, which is a tuple 


M = (A, B,S,s81,6,2) 


where A is an input alphabet, B is an output alphabet, S is a finite set of 
states, sz € S the initial state, 6: S x A — S the transition function, and 
A: S — B the output function. To describe the function realized by W we 
first define 6*: A* — S by setting 6(€) = sz and 6*(ua) = 6(6*(u), a) for all 
u E€ A* anda € A. The function realized by .@, denoted fø, is defined by 
falu) = A(6*(s7,u)) for every u € AT. 

A solution f of an instance of the realizability problem is called a finite- 
state solution if it is realized by a finite-state machine. 

Finite-state realizability is the variant of realizability where one is in- 
terested in determining whether a finite-state solution exists. We later see 
that there is no difference between realizability and finite-state realizability. 

Several approaches have been developed to solving realizability; we fol- 
low a game-based approach. It consists of the following steps: We first 
show that realizability can be viewed as a game and that solving realiz- 
ability means deciding who wins this game. We then show how the games 
associated with instances of the realizability problem can be reduced to fi- 
nite games with a standard winning objective, namely the parity winning 
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condition. Finally, we use known results on finite games with parity winning 
conditions to prove the desired result. 


2.4.1 Game-theoretic formulation 

There is a natural way to view the realizability problem as a round-based 
game between two players, the environment and the (device) builder. In 
each round, the environment first provides the builder with an input, a 
vector a € [2], and then the builder replies with a vector b € [2],,, resulting 
in a combined vector a~b. In this way, an infinite sequence of vectors is 
constructed, and the builder wins the play if this sequence satisfies the 
given S1S formula. Now, the builder has a winning strategy in this game if 
and only if the instance of the realizability problem we are interested in is 
solvable. 


We make this more formal in what follows. A game is a tuple 
G= (Po, Pi, pr, M,Q) 


where P is the set of positions owned by Player 0, P; is the set of positions 
owned by Player 1 (and disjoint from Po), pr € PoUP, is the initial position, 
M C (Po U Pi) x (Po U P,) is the set of moves, and Q C (Po U P,)” is the 
winning objective for Player 0. The union of Po and P; is the set of positions 
of the game and is denoted by P. 

A play is simply a maximal sequence of positions which can be obtained 
by carrying out moves starting from the initial position, that is, it is a word 
u € P+ U P” such that u(0) = pr, (uli), u(i + 1)) € M for every i < Jul, 
and if |u| < w, then there is no p such that (u(*),p) € M. This can also be 
thought of as follows. Consider the directed graph (P, M), which is called 
the game graph. A play is simply a maximal path through the game graph 
(P, M) starting in pr. 

A play u is a win for Player 0 if u € QU P* P}, else it is a win for Player 1. 
In other words, if a player cannot move he or she loses early. 

A strategy for Player a are instructions for Player œ how to move in every 
possible situation. Formally, a strategy for Player a is a partial function 
o: P* P, — P which 


(i) satisfies (u(*),o(u)) € M for all u € dom(c) and 


(ii) is defined for every u € P*P, N prP* satisfying u(i + 1) = o(uf0,7]) 
for all i < |u| — 1 where u(i) € Pa. 


Observe that these conditions make sure that a strategy is defined when 
Player a moves according to it. A play u is consistent with a strategy o if 
u(t +1) = o(ul0,2]) for all i such that u(i) € Py. A strategy o is called a 
winning strategy for Player a if every play consistent with o is a win for 
Player a. We then say that Player a wins the game. 
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Let y = y(Xo,.--,Xm-1,; Yo,---;Y¥n—-1) be an S1S formula. 
The game [y] is defined by 


Flip] = ([2m, {Pr} U [2]n, pr, M, 9) 


where py is some initial position not contained in [2], U [2]n 
and 


M = ([2]m  [2]n) U (Qpr? U [2]n) x [2]m), 


Q = {pruovo ... : (uovo) (ui v)... H p} 


FIGURE 10. Game for a realizability instance 


The analogue of a finite-state solution is defined as follows. A strategy 
o for Player a is finite-memory if there exists a finite set C, called memory, 
an element myr € C, the initial memory content, a function u: C x P > C, 
called update function, and a function £: C x Py — P such that o(u) = 
E(u* (u), u(*)) for every u € dom(c), where u* is defined as 6* above. That 
is, the moves of Player a depend on the current memory contents and the 
current position. 

An even stronger condition than being finite-state is being memoryless. 
A strategy ø is memoryless if it is finite-state for a memory C which is a 
singleton set. As a consequence, if o is memoryless, then o(up) = o(u’p) 
for all u,u’ € P* with up,u’p € dom(c). So in this case, we can view a 
strategy as a partial function P, — P. In fact, we use such functions to 
describe memoryless strategies. 

We can now give the game-theoretic statement of the realizability prob- 
lem. For an instance y, consider the game Y[y] described in Figure 10. 


Lemma 2.16. Let y = y(Xo,..., Xm-1, Yo,---; Yn—1) be an S1S formula. 
Then the following are equivalent: 


(A) The instance y of the realizability problem is solvable. 
(B) Player 0 wins the game ¥[y]. 


Moreover, is a positive instance of finite-state realizability if and only if 
Player 0 has a finite-memory winning strategy in Y[y]. 


Proof. For the implication from (A) to (B), let f: [2]*, — [2], be the 
solution of an instance y of the realizability problem. We define a par- 


660 M. Y. Vardi, Th. Wilke 


tial function o: pr([2]m[2]n)*[2]m — [2]n by setting o(praobı ...b-_1a,) = 
f(ao...@r) where a; € [2]m for i < r and b; € [2], for j < r. It is easy to 
see that o is a winning strategy for Player 0 in Y[y]. Conversely, a win- 
ning strategy o for Player 0 can easily be transformed into a solution of the 
instance y of the realizability problem. 

To prove the additional claim, one simply needs to observe that the 
transformations used in the first part of the proof convert a finite-state 
solution into a finite-ememory strategy, and vice versa. The state set of the 
finite-state machine used to show that a solution to the realizability problem 
is finite-state can be used as memory in a proof that the winning strategy 
constructed above is finite-memory, and vice versa. Q.E.D. 


In our definition of game, there is no restriction on the winning objective 
Q, but since we are interested in winning objectives specified in S15, we 
focus on parity winning conditions—remember that every S1S formula can 
be turned into a deterministic parity automaton. It will turn out that 
parity conditions are particularly apt to an algorithmic treatment while 
being reasonably powerful. 


2.4.2 Reduction to finite parity games 

A winning objective Q of a game Ẹ is a parity condition if there is a natural 
number n and a function 7: P — n such that u € Q iff val,(u) mod 2 = 0 
for all u € P”. If this is the case, we replace Q by m and speak of a parity 
game. 

We next show that if Q is a winning objective and & a deterministic 
parity automaton such that @(.2) = ©, then we can “expand” a game 
g with winning objective Q into a parity game, simply by running æ% in 
parallel with the moves of the players. The respective product construction 
is given in Figure 11. 


Lemma 2.17. Let ¥ be a finite game and & a deterministic parity au- 
tomaton such that #(2) = N. Then the following are equivalent: 


(A) Player 0 wins 4. 
(B) Player 0 wins Y x &. 


Moreover, there exists a finite-memory winning strategy for Player 0 in ¥ 
iff there exists such a strategy in Y x &. 


Proof. The proof is straightforward. We transform a winning strategy for 
Player 0 in Y into a winning strategy for Player 0 in Y x & and vice versa. 

First, we define u? for every u € P* to be a word of the same length 
where the letters are determined by u°(i) = (u(i),6*(qz, ul0, i])) for every 
i< ful. 
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Let Y be a game and & a deterministic parity automaton 
with alphabet P such that Z (£) = Q. The expansion of ¥ 
by & is the game 


G x A= (Po x Q, Pı x Q, (pr, 41), M’, T’) 
where 
M' = {((p,q), (pP, ôlq,p'))): q E QA (p,p) € A} 


and 7'((p,q)) = 7(q) for all p € P and q E Q. 


FIGURE 11. Product of a game with a deterministic parity automaton 


Let o: P* Po — P be a winning strategy for Player 0 in Y. We transform 
this into 0’: (P x Q)*(P) x Q) = P x Q by letting o’(u*) = o(u) for every 
u € dom(c). It is easy to check that this defines a strategy and that this 
strategy is indeed winning. 

Given a winning strategy o’: (P x Q)*(Py x Q) — P x Q, we define a 
winning strategy 0: P* Py — P for Player 0 simply by forgetting the second 
component of the positions. That is, for every u such that u? € dom(a’) we 
set a(u) = o’(u®). Observe that this does not lead to any ambiguities, that 
is, ø is well-defined, because & is a deterministic automaton. It is easy to 
check that this defines a strategy and that this strategy is indeed winning. 

If we have a finite-memory strategy o for Y, say with memory C, we 
can use the same memory C and a modified update function to show that 
a’ as defined above is finite-state. Conversely, if we have a finite-memory 
strategy o’, say with memory C, we can use memory Q x C to show that o 
as constructed above is finite-memory, too. Q.E.D. 


Corollary 2.18. Let y = p(Xo,...,Xm-1, Yo,---; Yn—1) be an instance of 
the realizability problem for S1S and & a deterministic parity automaton 
recognizing (p). Then the following are equivalent: 


(A) The instance y of the realizability problem is solvable. 
(B) Player 0 wins the game Y¥ x &. 


Moreover, if Player 0 has a finite-memory winning strategy in Y x æ, then 
ọ has a finite-state solution. 


Using the fact that it can be determined effectively whether Player 0 
wins a finite parity game (see Theorem 2.20 below), we obtain: 
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Theorem 2.19 (Biichi-Landweber, [19]). The realizability problem is de- 
cidable for $15. 


2.4.3 Background on games 
In this section, we provide background on games, which we already used to 
solve Church’s problem and which we need in various places. 

Since plays of games may be infinite, it is not at all clear whether in a 
given game one of the two players has a winning strategy, that is, whether 
the game has a winner. When this is the case one says that the game 
is determined. It is said to be memoryless determined if there exists a 
memoryless winning strategy. 


Theorem 2.20 (Emerson-Jutla-Mostowski, [40, 88]). Every parity game is 
memoryless determined. 


That every parity game is determined follows immediately from a result 
by Martin [82]. 

For S1S realizability it is enough to know that the winner in a parity 
game can be effectively determined. In a later section, we need to know 
more about the computational complexity of this problem, in particular, 
we need to know how it depends on the number of priorities occurring in a 
game: 


Theorem 2.21 (Jurdziriski, [62]). Every parity game with n positions, m 
edges, and at most d different priorities in every strongly connected com- 
ponent of its game graph can be decided in time O(n + mnl4/2J) and an 
appropriate memoryless winning strategy can be computed within the same 
time bound. 


2.5 Notes 


Biichi’s Theorem has been the blueprint for many theorems characterizing 
monadic second-order logic by automata. The most important theorem to 
mention is Rabin’s Theorem [100], which extends Biichi’s Theorem to the 
monadic theory of two successor functions and is the subject of the next 
section. Other early results, besides the Biichi-Elgot—Trakthenbrot theo- 
rem and Biichi’s Theorem, are a result by Biichi [18] on ordinals and a 
result by Doner [31] (see also Thatcher and Wright [115]), which character- 
izes monadic second-order logic over finite trees in terms of automata and 
allows to prove that the weak monadic theory of two successor relations 
is decidable. Later results deal, for instance, with finite and infinite traces 
(certain partial orders) [119, 33], see also [30], pictures (matrices with letters 
as entries) [51], see also [50, 83], and weighted automata [32]. In some of 
these cases, the proofs are much harder than for $15 and Büchi automata. 

When establishing a characterization of automata in terms of monadic 
second-order logic, proving part 2—the description of the behavior of an 
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automaton by a monadic second-order formula—is straightforward very of- 
ten and leads to existential monadic second-order formulas, just as for S15. 
The other direction—from full monadic second-order logic to automata— 
fails, however, for various automaton models because closure under com- 
plementation (negation) cannot be shown. In such cases, a partial result 
can sometimes nevertheless be obtained by showing that every existential 
monadic second-order formula can be translated into an automaton. This 
is, for instance, the case for pictures [51], see also [83]. 

Büchi’s Theorem characterizes monadic second-order logic in terms of 
finite-state automata on infinite words. It is only natural to ask whether 
there are fragments of monadic second-order logics or other logics similar in 
expressive power to monadic second-order logic that can be characterized in 
a comparable fashion. We have already seen that the existential fragment 
of S1S has the same expressive power as S15, but one can prove that first- 
order logic with ordering (and successor) or with successor only is strictly 
less expressive than S18. The first of the two logics can be characterized 
just as in the case of finite words as defining exactly 


(i) the star-free languages of infinite words, 
(ii) the languages expressible in linear-time temporal logic, and 


(iii) the languages of infinite words which are recognized by counter-free 
automata 


(see [64, 116, 95, 132]), the second can be characterized as the weak version 
of locally threshold testability [117]. 

Ever since Biichi’s seminal work automata on infinite words and formal 
languages of infinite words have been a major topic in research, motivated 
both from a mathematical and a computer science perspective. There have 
been many (successful) attempts to adapt the facts known from classical 
automata theory and the classical theory of formal languages to the set- 
ting with infinite words, for instance, regular expressions were extended to 
w-regular expressions and the algebraic theory of regular languages was ex- 
tended to an algebraic theory of w-regular languages. But there are also 
new issues that arise for infinite words, which are essentially irrelevant for 
finite words. For example, the set of infinite words over a given alphabet 
can easily be turned into a topological space and it is interesting to study 
how complex languages are that can be recognized by finite-state automata. 

One particularly interesting issue are the different types of acceptance 
conditions that are available for automata on infinite words. In our ex- 
position, we work with Büchi and parity acceptance, but there are many 
more acceptance conditions which are suggested and widely used through- 
out the literature. The most prominent are: Streett [113], Rabin [100], and 
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Muller conditions [89]. An important question regarding all these different 
acceptance conditions is which expressive power they have, depending on 
whether they are used with deterministic or nondeterministic automata. It 
turns out that when used with nondeterministic automata all the afore- 
mentioned conditions are not more powerful than nondeterministic Butchi 
automata and when used with deterministic automata they are all as pow- 
erful as deterministic parity automata. In other words, each of the three 
conditions is just as good as the parity condition. Given McNaughton’s 
Theorem, this is not very difficult to show. In almost all cases, asymptot- 
ically optimal conversions between the various conditions are known [105]. 
Recent improvements are due to Yan [131]. 

It is not only the type of acceptance condition that can be varied, but 
also the type of “mode”. In this section, we have dealt with deterministic 
and nondeterministic automata. One can either look for 


(i) modes in between or 
(ii) modes beyond nondeterminism. 


As examples for (i) we mention unambiguous automata [4], which are Biichi 
automata which admit at most one accepting run for each word, and pro- 
phetic automata [21], which are Biichi automata with the property that 
there is exactly one run on each word (besides partial runs that cannot be 
continued), be it accepting or not. 

Examples for (ii) are alternating automata on infinite words, which are 
explained in detail in Section 4. Since they are, in principle, stronger than 
nondeterministic automata, they often allow for more succinct representa- 
tions, which is why they have been studied extensively from a practical and 
complexity-theoretic point of view. Moreover, they can often be used to 
make automata-theoretic constructions more modular and transparent and 
help to classify classes of languages. For instance, the Kupferman-—Vardi 
complementation construction for Biichi automata uses what are called weak 
alternating automata as an intermediate model of automaton, see also [121]. 

As can be seen from the Biichi-Landweber theorem, games of infinite 
duration are intimately connected with the theory of automata on infinite 
words. This becomes even more obvious as soon as alternating automata 
come into the picture, because they can be viewed as defining families of 
games in a uniform fashion. These games play a similar role in the theory 
of automata on infinite trees, as will be explained in the next section. Re- 
gardless of this, these games are interesting in their own right and there is 
an extensive literature on them. One of the major open problems is the 
computational complexity of finite parity games. The best upper bounds 
are that the problem is in UP N co-UP, which is a result by Jurdziriski [61], 
that it can be solved by subexponential algorithms, see, for instance, [63], 
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and polynomial time algorithms when the underlying game graphs belong 
to certain restricted classes of graphs, see, for instance, [8]. 


3 Monadic-second order logic of two successors 


Büchi’s Theorem is a blueprint for Rabin’s result on monadic second-order 
logic of two successors (S2S). The formulas of that logic are built just as 
S18 formulas are built, except that there are two successor relations and not 
only one. More precisely, while in S15 the atomic formulas are of the form 
x € X and suc(z, y) only, in S2S the atomic formulas are of the form x € X, 
suco(x, y), and sucı(x, y), where suco(x, y) and suc;(, y) are read as “y is 
the left successor of x” and “y is the right successor of x”, respectively. S25 
formulas are interpreted in the full binary tree Ain. 

As a first simple example, we design a formula with one free set variable 
X which holds true if and only if the set assigned to X is finite. This can 
be expressed by saying that on every branch there is a vertex such that the 
subtree rooted at this vertex does not contain any element from X. This 
leads to: 


VY(“Y is a branch of the binary tree” — 
Jyly € Y AVz(y < z => 72 € X))), 


where < is meant to denote the prefix order on the vertices of Ain. That 
Y is a branch of Ain can easily be expressed as a conjunction of several 
simple conditions: 


e Y is not empty, which can be stated as Jxz(x € Y), 


e with each element of Y its predecessor (provided it exists) belongs 
to Y, which can be stated as VaVy(y € Y A (suco(x, y) V sucı (x, y)) > 
x €Y), and 


e each element of Y has exactly one successor in Y, which can be stated 
as VaVyVz(a € Y A^ suco(z, y) Asuci(z,z) — (yEYozdY)). 


To conclude the example, we define x < y by stating that every successor- 
closed set containing x contains y as well: 


VX (a € X AV2V2'(z € X A (suco(z, 2’) V 
suci(z,2’)) > z EX) aye X). 


Observe that we have a universally quantified set variable in this formula, 
whereas in Section 2 we use an existentially quantified set variable to define 
ordering for the natural numbers. In both situations, one can use either 
type of quantifier. 
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As a second example, we consider the property that on every branch 
there are only finitely many elements from X. This can be specified by: 


VY (“Y is a branch of the binary tree” —> 
Jyly EY AYz(z <z^Az €Y >~7z€X))), 


using the same auxiliary formulas from above. 

The most important question about S2S is whether satisfiability is decid- 
able. A positive answer to this question implies decidability of the monadic 
second-order theory of the binary tree and a number of related theories as 
Rabin showed in his 1969 paper [100]. 

That satisfiability of an S2S formula is decidable can, in principle, be 
shown in the same way as the analogous statement for S1S: One first proves 
that every S2S formula can be translated into an equivalent automaton— 
this time a tree automaton—and then shows that emptiness for the au- 
tomata involved is decidable. This is the approach that Rabin took in 
[100], and which we follow here, too. 


3.1 Rabin’s Theorem 


In his original paper [100] Rabin used what we nowadays call Rabin tree 
automata to characterize S2S. We use the same model of tree automaton 
but with a simpler acceptance condition, the parity acceptance condition, 
which we also use in the context of S1S. 

It is not clear right away how a tree automaton model should look like, 
but it turns out that it is reasonable to envision a tree automaton as follows. 
Starting in an initial state at the root of the tree the automaton splits up 
into two copies, one which proceeds at the left successor of the root and 
one which proceeds at the right successor of the root. The states which are 
assumed at these vertices are determined by the initial state and the label of 
the root. Then, following the same rules, the copy of the automaton residing 
in the left successor of the root splits up into two copies which proceed at 
the left successor of the left successor of the root and the right successor of 
the left successor of the root, and so on. In this way, every vertex of the 
tree gets assigned a state, and a tree is accepted if the state labeling of each 
branch satisfies the acceptance condition. 

Formally, a parity tree automaton is a tuple 


B= (4,Q,qr, A, T), 


where A, Q, and 7 are as with parity (word) automata (see Section 2.3.1), 
qr is an initial state instead of a set of initial states, and A is a transition 
relation satisfying A C Q x Ax Q x Q. Such an automaton runs on full A- 
labeled binary trees which are given implicitly. A run of æ on a binary tree 
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t: 2* — Aisa binary tree r: 2* — Q such that (r(u), t(u), r(u0), r(ul)) € A 
for all u € 2*. It is accepting if for every infinite branch u € 2” its labeling 
satisfies the parity condition, that is, if val, (r(u(0))r(u(1))...) mod 2 = 0. 

As an example, consider the set L of all binary trees over {0,1} with 
only finitely many vertices labeled 1 on each branch, which is very similar 
to the second property discussed above. It is straightforward to construct 
a parity tree automaton that recognizes L. The main idea is to use two 
states, gg and qı, to indicate which label has just been read and to use the 
parity condition to check that on every path there are only finitely many 
vertices labeled qi. In other words, we have A = {0,1}, Q = {q1, q0, q1}, 
A = {(4,4, qa; da): a E A,g E Q}, m(qr) = 0, and (qa) =a+1 forae A. 

Rabin, in [100], proved a complete analogue of Biichi’s theorem. We state 
Rabin’s Theorem using the same notation as in the statement of Biichi’s 
Theorem, which means, for instance, that we write Z (æ) for the set of all 
trees accepted by a parity tree automaton &. 


Theorem 3.1 (Rabin, [100]). 


(i) There exists an effective procedure that given an $25 formula y = 
y(Vo,---;Vm-1) outputs a parity tree automaton & such that 
L(A) = Lp). 


(ii) There exists an effective procedure that given a parity tree automaton 
& over an alphabet [2]m outputs a formula y = y(Vo,..., Vn—1) such 
that L(y) = L(A). 


To prove part 2 one can follow the same strategy as with S18: One sim- 
ply constructs a formula that describes an accepting run of a given parity 
tree automaton. Proofs of part 2 of Theorem 3.1 can also be carried out 
as with S1S: One uses a simple induction on the structure of the formula. 
The induction base and all but one case to be considered in the induc- 
tive step are almost straightforward. The difficult step is—just as with 
Buchi automata—negation. One has to show that the complement of a 
tree language recognized by a parity tree automaton can be recognized by 
a parity tree automaton. This result, also known as Rabin’s complementa- 
tion lemma, can be proved in different ways. We present a proof which, in 
spirit, is very similar to what can be found in Biichi’s [12] and Gurevich and 
Harrington’s [54] work. At its heart, there is a game-theoretic description 
of acceptance (Section 3.2). The complementation construction itself has 
the determinization from Theorem 2.14 built in (Section 3.3). 


3.2 The automaton-pathfinder game 


Let & be a parity tree automaton as above and t: 2* — A a binary tree. 
We consider a parity game where one can think of Player 0 as proving to 
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Let & be a parity tree automaton and t: 2* — A a tree over 
the same alphabet. The automaton-pathfinder game for 2% 
and t is the parity game |æ t] defined by 


GA, t] = (2* x Q,2* x A, (£, qr), Mo U Mı, T’) 
where 


e for every word u € 2*, state q € Q, and (q, t(u), q0,q1) € 
A, the move ((u, q), (u, (q, t(u), qo; u))) belongs to Mo, 


e for every word u € 2*, transition (q,t(u),¢o,q1) € A, 
and i < 2, the move ((u, (q, t(u), qo, q1)), (ui, qi)) be- 
longs to Mı, and 


e a’((u,q)) = 7(q) for all u € 2* and q E€ Q. 


FIGURE 12. Automaton-pathfinder game 


Player 1 that t is accepted by &, as follows. The game starts at the root 
of the tree and Player 0 suggests a transition which works at the root of 
the tree, which means it must start with the initial state and it must show 
the symbol the root is labeled with. Then Player 1 chooses the left or right 
successor of the root, say she chooses the left successor. Now it’s Player 0’s 
turn again. He must choose a transition which works for the left successor, 
which means it must start with the state chosen for the left successor in the 
transition chosen in the previous round and it must show the symbol the left 
successor is labeled with. Then Player 1 chooses one of the two successors, 
and so on. As the play proceeds, a sequence of transitions is constructed. 
Player 0 wins this play when the respective sequence of the source states of 
the transitions satisfies the parity condition. 

The precise definition of the parity game is given in Figure 12. Observe 
that for convenience the priority function is only partially defined. This 
does not cause any problems since there is an infinite number of vertices 
with priorities assigned to them on every infinite path through the game 
graph. 


Lemma 3.2 (Gurevich-Harrington, [54]). Let & be a parity tree automa- 
ton and t: 2* — A a tree over the same alphabet. Then the following are 
equivalent: 
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(A) & accepts t. 
(B) Player 0 wins G|% , t]. 


Proof. For the implication from (A) to (B), we show how to convert an 
accepting run r: 2* > Q of & on t into a winning strategy for Player 0 in 
G\a/,t]. A strategy o for Player 0 is defined on words of the form 


u = (£, qo) (£, To) (G0, 41) (G0, 71) (@041, q2) - - . (ao - . . An—1, In) 


with qo = qr, qi E Q for i < n, 7% E€ A, and a; E€ {0,1} fori < n. 
For such a word u, we set vy = ao ...@n—1. After the explanations given 
above on how one should think of the game, it should be clear that we set 
a(u) = (u,(dn,a,q°,q')) with qf = r(vui) for i < 2. It is easy to check 
that this defines a winning strategy, because every play conform with ø 
corresponds to a branch of the run r. 

Conversely, assume ø is a winning strategy for Player 0 in the above 
game. Then an accepting run r can be defined as follows. For every partial 
play u as above which is conform with ø, we set r(vu) = dn. It is straight- 
forward to check that this defines an accepting run, because every path in 
r corresponds to a play of F|, t] conform with ø. Q.E.D. 


There is a similar parity game—the emptiness game—which describes 
whether a given parity tree automaton accepts some tree. In this game, 
when Player 0 chooses a transition, he does not need to take into account any 
labeling; he simply needs to make sure that the transition is consistent with 
the previously chosen transition. The full game is described in Figure 13. 

With a proof similar to the one of Lemma 3.2, one can show: 


Lemma 3.3. Let & be a parity tree automaton. Then L(A) 4 Ø if and 
only if Player 0 wins g|]. 


Taking Theorem 2.21 into account, we obtain: 


Corollary 3.4 (Rabin, [100]). The emptiness problem for parity tree au- 
tomata is decidable. 


Rabin proved, in some sense, a stronger result, because he used tree 
automata with Rabin acceptance condition. As a further consequence of 
Lemma 3.3, taking Rabin’s Theorem into account, we note: 


Corollary 3.5 (Rabin, [100]). Satisfiability is decidable for 52S. 
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Let & be a parity tree automaton. The emptiness game 
Go|] is defined by 


EAKA = (Q, A, qr, Mo U Mı, T) 
where 


e forq E€ Q and (q,a, qo, q1) € A, the move (q, (q, a, qo, q1)) 
belongs to Mo, 


e for every (q,a,qo,qı) € A and i < 2, the move 
((q,a, qo, q1), qi) belongs to Mı. 


FIGURE 13. Emptiness game for a parity tree automaton 


3.3 Complementation of parity tree automata 


We can finally turn to the question of how to arrive at a parity tree au- 
tomaton for the complement of a set of trees accepted by a given parity 
tree automaton. We are given a parity tree automaton ./ and we want to 
construct a parity tree automaton which recognizes Y(/)°, where for each 
tree language L over some alphabet A we write LO for the set of all trees 
over A which do not belong to L. 

We describe the entire construction as a composition of several simpler 
constructions. More precisely, we first show that for every tree in the com- 
plement there exists a tree over an enhanced alphabet which witnesses its 
membership to the complement. The second step is to prove that the set 
of these witnesses can be recognized by a universal parity tree automaton. 
The third step consists in showing that universal parity tree automaton can 
be converted into (ordinary nondeterministic) parity tree automata, and the 
final step shows how to reduce the enhanced alphabet to the real one. 

The first key step is to combine the automaton-pathfinder game with 
memoryless determinacy. To this end, we encode memoryless (winning) 
strategies for the pathfinder in trees. Observe that a memoryless strategy 
for the pathfinder in |x, t] for some automaton æ% and some tree t is 
simply a (partial) function a: 2* x A — 2* x Q. Since, by construction 
of G|, t], we always have o(u, (q,a,q0,q1)) = (ui, qi) for some i < 2, we 
can view such a function as a function 2* x A — 2, which, in turn, can be 
viewed as a function 2* — 24. The latter is simply a 24-labeled tree. When 
we further encode the given tree t in that tree, we arrive at the following 
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notion of complement witness. 

Let & be a parity tree automaton and t: 2* — A x 24 a tree. For 
simplicity, we write t'(u) as (au, fu) for every u € 2*. The tree t is a 
complement witness if for every branch u € 2” the following holds. If 
ToTi + € AY with Ti = (qi, aujo.) 99, q}) is such that qo = qr and qi41 = q? 
where b = fujo, (Ti) for every i, then val,(qoq1...) mod 2 = 1, that is, 
qoqı -.. is not accepting with respect to 7. 

After the explanation given above, Theorem 2.20 now yields the lemma 
below, where we use the following notation. Given a tree t: 2* => Ax B 
for alphabet A and B, we write pro(t’) for the tree defined by pro(t’)(u) = 
pro(t'(u)) for every u € 2*, that is, we simply forget the second component 
of every label. 


Lemma 3.6. Let & be a parity tree automaton and t: 2* — A a tree over 
the same alphabet. Then the following are equivalent: 


(A) te Lia)”. 
(B) There is a complement witness t for & such that pro(t’) =t. Q.E.D. 


Using more notation, we can state the above lemma very concisely. First, 
we extend projection to tree languages, that is, given a tree language L over 
some alphabet A x B, we write pro(L) for {pro(t): t € L}. Second, given 
a parity tree automaton &, we write @(.) for the set of all complement 
witnesses for &. Then Lemma 3.6 simply states: 


Remark 3.7. For every parity tree automaton &/, 
L(A) = prol C(A). 


So, clearly, once we have a parity tree automaton for G (£), we also 
have a parity tree automaton for -2 (2/)F, because we only need to omit the 
second component from the letters in the transition function to obtain the 
desired automaton. 

It is not straightforward to find a parity tree automaton that recognizes 
C(A); it is much easier to show that € (£) is recognized by a universal 
parity tree automaton. Such an automaton is a tuple 


B= (A, Q, qr, A, 7) 


where A, Q, qr, and 7 are as with parity tree automata and A CQ x Ax 
2x Q. Let t: 2* — A bea tree over A. A word r € Q“ is said to be a 
run for branch u € 2” if (r(i), t(u[0,7)), u(é), r(¢+1)) € A for every i and 
r(0) = qr. A tree is accepted if every r € Q” which is a run for some branch 
satisfies the parity acceptance condition. 
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Let & be a parity tree automaton. The universal parity tree 
automaton °°” is defined by 


AN = (A x 2°,Q,q1,A',7 +1) 


where (q, (a, f),d,q’) E€ A’ if there exists T = (q,a,q0,%1) € 
A such that f(T) = d and qa = q', and where m + 1 stands 
for the priority function 7’ defined by m'(q) = a(q) + 1. 


FIGURE 14. Universal parity tree automaton for complement witnesses 


We can now rephrase Lemma 3.6 in terms of the new automaton model. 
We can express the complement of a tree language recognized by a parity 
tree automaton as the projection of a tree language recognized by a universal 
parity tree automaton. The latter is defined in Figure 14. Observe that the 
runs for the branches in this automaton correspond to the words 797... in 
the definition of complement witness. 

We immediately obtain: 


Remark 3.8. For every parity tree automaton &, 
CIA) = L(A). 


To complete the description of the complementation procedure, we need 
to explain how a universal parity tree automaton can be converted into a 
parity tree automaton. One option for such a construction is to use Mc- 
Naughton’s Theorem, namely that every nondeterministic Büchi automaton 
can be turned into a deterministic parity automaton. The idea is that the 
tree automaton follows all runs of a given branch at the same time by run- 
ning a deterministic word automaton in parallel. 

Let Q be a finite set of states and 7: Q —> w a priority function. Let 2 
be the alphabet consisting of all binary relations over Q. Then every word 
u E€ 2” generates a set of infinite words v € Q”, denoted (u), defined by 


(u) = {v € Q*: Vi((v(i), v(i + 1)) € u(i))}, 


and called the set of paths through u, because one can think of (u) as the 
set of all infinite paths through the graph which is obtained by “collat- 
ing” u(0),u(1),.... We are interested in a deterministic parity automaton 
A |Q, n| which checks that all paths through a given u satisfy the given par- 
ity condition, that is, which has the following property. For every u € 2”, 


u E L(A|Q,7]) if — Wv(v € (u) > val, (v) mod 2 = 0). (1.1) 
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Let Q be a finite set of states and 7: Q — w a priority 
function. Consider the parity word automaton 


B=(2,Q,Q1,4,74+ 1) 


where A = {(q¢,R,q’): (q,q') € R}. Let @ be an equivalent 
Biichi automaton (Figure 7) and Y a deterministic parity au- 
tomaton equivalent to @ (Figure 9). The automaton #[Q, r] 
is defined by 


AQ, T] = (2,Q7, qf, ô”, T +1). 


FIGURE 15. Generic automaton for state set and priority function 


Using Theorem 2.14, such an automaton, which we call a generic automaton 
for Q and 7, can easily be constructed, as can be seen from Figure 15. 
Observe that, by construction, 


ue LE) iff  w(v € (u) A val,(v) mod 2 = 1), 


for every u € 2”. We conclude: 


Remark 3.9. Let Q be a finite state set and 7: Q — w a priority function. 
Then 1.1 holds for every u € QY. 


Given the generic automaton, it is now easy to convert universal tree 
automata into nondeterministic ones: One only needs to run the generic 
automaton on all paths. This is explained in detail in Figure 16. 


Lemma 3.10. Let & bea universal parity tree automaton. Then L (£) = 
L(A). 


Proof. For convenience, we write Z for A |Q, n7]. 

First observe that for every t: 2* > A there is exactly one run of 4 
on t. This is because A is such that for every s € S and a € A, there is 
exactly one transition in A of the form (s,a, 89,81). For a given t, let ry 
denote this run. So in order to determine whether a tree is accepted by 
A, we only need to determine whether r; is accepting. To this end, we 
consider a branch w € 2” of this tree. 

By construction of 4, the labeling of w in r; is the run of Z on 
u = RGRY... where RY = Riwio,i)),w(i)- So (u) is the set of runs of &/ 
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Let & be a universal parity tree automaton and assume 
that the generic automaton for Q7 and m” is given as 
AQ” 1%] = (2% ,S,81,5,7). The parity tree automaton 
A is defined by 
of = (A, 8,81, A, T) 

where for every a € A and s E€ S, 

Ts a = (s, a, d(s, Rao), 5(s, Raa)) 
with Raa = {(q,q'): (q,a, d,q') E AF} for d < 2 and 


A= {T5a: aE ANSE S} 


FIGURE 16. From universal to nondeterministic parity tree automata 


on branch w. In view of Remark 3.9, this implies that w is accepting as a 
branch of r, if and only if all runs of æ on w are accepting. From this, the 
claim of the lemma follows immediately. Q.E.D. 


This was also the last missing piece in the construction from a given 
parity tree automaton to a parity tree automaton for its complement: 


Lemma 3.11 (Rabin, [100]). There is an effective procedure that turns 
a given parity tree automaton into a parity tree automaton © that 
recognizes the complement of the language recognized by &. Q.E.D. 


3.4 Notes 


Rabin’s Theorem is important from a mathematical (logical) point of view 
because it is a very strong decidability result and can as such be used to 
show the decidability of many theories, see, for instance, Rabin’s original 
paper [100] and the book [15]. A very specific question to ask is how one 
can prove that the monadic second-order (or first-order) theory of a certain 
structure is decidable using the fact that it is decidable for the binary tree. 
There is a wide spectrum of techniques that have been developed to this 
end and are explained in detail in [9], see also [22]. 

It may seem that the results proved for $15 and automata on infinite 
words extend to $25 and automata on infinite trees in a straightforward 
fashion. This is true in many respects, but there are important differences. 
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Most importantly, it is neither true that every tree language recognized by 
a parity tree automaton can be recognized by a Biichi tree automaton nor 
is it true that WS2S and S25 are equally expressive. There is, however, 
an interesting connection between Biichi tree automata and WS2S: a set of 
trees is definable in WS2S if and only if it is recognized by a Biichi tree 
automaton and its complement is so, too, which was proved by Rabin [101]. 
Moreover, being definable in WS2S is equivalent to being recognized by a 
weak alternating tree automaton [73]. It is true though that every S28 for- 
mula is equivalent to an existential S2S formula. Also note that the second 
formula given as example at the beginning of this section is one which can- 
not be recognized by a Biichi tree automaton, let alone specified in WS2S. 
Another noticeable difference between automata on infinite words and au- 
tomata on infinite trees is that unambiguous tree automata are weaker than 
nondeterministic ones, which is a result due to Niwiński and Walukiewicz 
[94]. Its proof was recently simplified considerably by Carayol and Léding 
[20]. 

The most complicated automata-theoretic building block of our proof 
of Rabin’s theorem is McNaughton’s Theorem, the determinization of word 
automata. It is not clear to which extent McNaughton’s Theorem is neces- 
sary for the proof of Rabin’s Theorem. The proof presented here is based 
on a translation in the sense that for every S2S formula y we construct 
an automaton & such that Y(#) = L(y) and it makes full use of a 
determinization construction. There are other proofs, such as the one by 
Kupferman and Vardi [75], which do not rely on the entire construction 
but only on the fact that there are determinization constructions with a 
certain bound on the number of states. These constructions, however, yield 
a slightly weaker result in the sense that they only reduce 52S satisfiability 
to tree automaton emptiness. In the proof presented here, determinization 
is used to turn a universal automaton into a nondeterministic one, which 
could be called a de-universalization construction. It would be interesting 
to see if one can also go in the reverse direction, that is, whether there is 
a determinization construction which can be built on a de-universalization 
construction. 

At the end of the previous section, we mentioned that topological ques- 
tions are interesting in the context of infinite words and automata on infinite 
words. This is even more true for infinite trees, see [5]. 


4 Linear-time temporal logic 


Although originally introduced in this context, 51S and WS1S have only 
very rarely been used to specify properties of (finite-state) devices (see [56] 
for a noticeable exception). For S2S, this is even more true; it has almost 
always been used to obtain decidability for logical theories as pointed out 
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in Section 3. But the ever-increasing number of real computational devices 
and large-scale production lines of such devices has called for appropriate 
specification logics. In this section, we consider a logic that was introduced 
in this regard and show how it can be dealt with using automata theory, in 
particular, we show how specifically tailored automata can be used to obtain 
optimal upper bounds for problems such as satisfiability, conformance—in 
this context called model checking—, and realizability. 


4.1 LTL and S1S 


Linear-time temporal logic (LTL) is a modal logic designed to specify tem- 
poral relations between events occurring over time, designed by Kamp [64] 
to formally describe temporal relationships expressible in natural language 
and introduced into computer science by Pnueli [98] (see also the work 
by Burstall [13] and Kröger [69]) as an appropriate specification language 
for systems with nonterminating computations. Nowadays, LTL is widely 
spread and used in practice. 

From a syntactic point of view LTL is propositional logic augmented by 
temporal operators. LTL formulas are built from tt and propositional vari- 
ables using negation (~), disjunction (V), and the binary temporal operator 
XU called “strict until” and used in infix notation. For instance, when p is 
a propositional variable, then ~p A tt XU p is an LTL formula. When P is a 
finite set of propositional variables and y an LTL formula with propositional 
variables from P, then y is called a formula over P. 

LTL formulas are typically interpreted in infinite words, more precisely, 
given a finite set P of propositional variables, an LTL formula y over P, a 
word u € (2”)”, and i > 0, it is defined what it means that y holds in u at 
position 7, denoted u,i |= y: 


e u,i = tt, 


e u,i |p ifp € u(i), for every p € P, 


i H ~y if u,i KF ọ, for every LTL formula y over P, 


e u, i = Vy% if u,i H yor u,i H y, for LTL formulas vy and w over P, 


e u,i = p XU y if there exists j > i such that u, j = w and u,i’ H ¢ for 
all i’ such that i <i’ < j. 


So pXUw means that the formula y holds true in the future until a point is 
reached where w holds true. For a word u as above and an LTL formula y 
we say that y holds in u, denoted u = y, if u,0 H y. The language defined 
by y is L(y) = {u € (2”)”: u & y}, where, for convenience, we do not 
refer to P in the notation. 
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Clearly, there are many more basic temporal relations than just “until”. 
So, often, other temporal operators are used: 


e “next” is denoted X and defined by Xy = ~tt XU y, 


e “sometime in the future” is denoted XF and defined by XFy = ttXU y, 
and 


e “always in the future” is denoted XG and defined by XGy = —=XF-y. 


In many situations, it is convenient to include the current point in time, 
which leads to defining F by Fy = ọ V XFy and, similarly, G by Gp = =Fry 
as well as U by y U 4 = 4 V (p A ọ XU 4). 

It is remarkable that Kamp in his 1968 thesis [64] proved that every 
temporal relation expressible in natural (English) language can be expressed 
in linear-time temporal logic as defined above. As a yardstick for what is 
expressible in natural language he used first-order logic, considering formula 
with one free variable. To be precise, to obtain his result Kamp also had 
to add a past version of until, called since. That until by itself is enough to 
express everything expressible in first-order logic when only sentences are 
considered was proved by Gabbay, Pnueli, Shelah, and Stavi [47]. 

A typical LTL formula is 


G(pr B XFpa) 


which expresses that for every occurrence of p, there is a later occurrence 
of pa, or, simply, every “request” is followed by an “acknowledge”. 

Another, more complicated, example is a formula expressing that com- 
peting requests are served in order. We assume that rọ and rı are propo- 
sitional variables indicating the occurrence of requests and ag and a, are 
matching propositional variables indicating the occurrence of acknowledg- 
ments. We want to specify that whenever an ro request occurs while no rı 
request is pending, then a, does not occur before the next occurrence of apo. 

We first specify that starting from an rp request there is an a, acknowl- 
edgment before an ag acknowledgment: 


a = ro A (~ao XU (a, A 7a9)). 


Next, we observe that there are two different types of situations where 
an ro request can occur while no rı request is pending. The first type 
of situation is when there has been no rı request before the ro request in 
question. The second type is when a, occurred before the ro request in 
question and in between there has been no rı request. For each type of 
situation, we have a separate disjunct in our formula: 


a(ar, U (ari A a)) V AF(ay A ari U (ari A a)). 
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Clearly, in the context of LTL all the algorithmic problems discussed for 
S1S—-satisfiability, conformance (model checking), and realizability—can be 
discussed. For instance, we can ask whether a given formula y over P is 
satisfiable in the sense that there exists a word u € (2”)” such that u = ọ 
or, given y and a finite-state automaton J over 2”, we can ask whether 
u E ¢ for all u € L(Y). 

We can show in just one step that all these problems are decidable, 
namely by showing that every LTL formula is equivalent to an S1S formula; 
the results from Section 2 then apply. Unfortunately, the decision proce- 
dures that one obtains in this way have a nonelementary complexity. We 
can do better by using specifically tailored automata-theoretic construc- 
tions. We first present, however, the translation into S1S and then only 
turn to better decision procedures. 

We start by defining the notion of equivalence we use to express the cor- 
rectness of our translation. Let P = {po,...,pr—1} be a set of propositional 
variables. Rather than interpreting LTL formulas over P in words over 2”, 
we interpret them in words over [2],, where we think of every letter a € 2? 
as the letter b € [2], with b] = 1 iff p; € a for every j < r. We say that an 
S1S formula w = w(Vo,..., Vr—1) is equivalent to an LTL formula y over P 
if for every u € [2]? the following holds: u — ọ iff u Ew. 

In the proposition below, we make a stronger statement, and this involves 
the notion of global equivalence, which is explained next. Given a word 
u € [2]”, a position 7, and an S1S formula % = w(Vo,...,V—1, x) where 
x is a first-order variable, we write u,i — w if w holds true when the set 
variables are assigned values according to u and x is assigned i. We say 
that w~ is globally equivalent to an LTL formula y over P if the following 
holds: u,i = y iff u,i H w for every u € [2]? and every i. 


Proposition 4.1. Let P = {po,...,p,—1} be a finite set of propositional 
variables and «x a first-order variable. For every LTL formula y over P a 
globally equivalent S1S formula ¢ = y(Vo,..., Vp—1, £) can be constructed. 


Observe that Ja(Vy-suc(y, x) A $) is equivalent to y. 


Proof. A proof can be carried out by a straightforward induction on the 
structure of y. When ọ = tt, we choose ¢ = (x = x), and when y = pj, we 
take @ = x € Vj. 

In the inidiictive step, we distinguish various cases. When Y = =y, we 
can choose ~ = =a). Similarly, when y = w V x, we can choose g = w VX. 
Finally, assume y = Y XU x. Then we choose 


P= Az(t < z A X(Vo,.-., Vp—1,2) A Vylz < y < z = Ọ(Vo, ... , V—1,y))), 


which simply reflects the semantics of XU. Q.E.D. 
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Observe that the above proof even shows that every formula is equivalent 
to a first-order formula (without set quantification but with ordering), and 
a slightly more careful proof would show that three first-order variables 
are sufficient [58]. Kamp’s seminal result [64] is the converse of the above 
proposition when first-order logic with ordering is considered instead of S15. 


As a consequence of Proposition 4.1, we can state: 


Corollary 4.2. LTL satisfiability, model-checking, and realizability are de- 
cidable. 


This result is not very satisfying, because in view of [112, 111] the deci- 
sion procedures obtained in this way have nonelementary complexity. As it 
turns out, it is much better to translate LTL directly into Biichi automata 
and carry out the same constructions we have seen for S15 all over again. 
The key is a good translation from LTL into Buchi automata. 


4.2 From LTL to Biichi automata 


Vardi and Wolper [124, 126] were the first to describe and advocate a sep- 
arate translation from LTL into Biichi automata, resulting in essentially 
optimal bounds for the problems dealt with in Section 2. These bounds 
were originally achieved by Sistla and Clarke [108, 109], for satisfiability 
and model checking, and by Pnueli and Rosner [99], for realizability. 

There are several ways of translating LTL into Büchi automata. We 
present two translations, a classical and a modern translation: the first one 
goes from an LTL formula via a generalized Biichi automaton to an ordi- 
nary Biichi automaton, while the second one goes via very weak alternating 
automata. 

Both of the constructions we are going to present are based on formulas 
in positive normal form, which we define next. The operator “release”, 
denoted XR, is defined by pXRw = 7(-yXU-w). In a certain sense, yXRw 
expresses that the requirement of 7 to hold is released by the occurrence of 
p. LTL formulas in positive normal form are built starting from tt, ff, p, 
and ~p using V, A, XU, and XR, that is, negations are only allowed to occur 
right in front of propositional variables. 

The following identities show that every LTL formula can be transformed 
into an equivalent LTL formula in positive normal form which is not longer 
than the given one (not counting negation symbols). 


Lemma 4.3. For LTL formulas y and w over a finite set P of propositional 
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variables, u € (2°), and i > 0, the following holds: 


u,i = att iff u, i H ff, 

u, i = =n iff u,i = y, 

u, i H aly V wv) iff u, i = nyp A ny, 
u, i = ~alo XU y) iff u, i = ay XR ay. 


Proof. A proof can be carried out in a straightforward fashion, using the 
definition of the semantics of LTL. Q.E.D. 


As mentioned above, the other ingredient for our translation are gener- 
alized Büchi automata, introduced in [49]. Such an automaton is a tuple 


A =(A,Q,Q1,4, F) 


where the first four components are as with ordinary Büchi automata, the 
only difference is in the last component: F is a set of subsets of Q, each 
called an acceptance set of &. A run r is accepting if for every acceptance set 
F € F there exist infinitely many i such that r(i) € F. So generalized Biichi 
automata can express conjunctions of acceptance conditions in a simple way. 

The essential idea for constructing a generalized Biichi automaton equiv- 
alent to a given LTL formula is as follows. As the automaton reads a given 
word it guesses which subformulas are true. At the same time it verifies 
its guesses. This is straightforward for almost all types of subformulas, for 
instance, when the automaton guesses that ~p is true, it simply needs to 
check that p ¢ a if a is the current symbol read. The only subformulas that 
are difficult to handle are XU-subformulas, that is, subformulas of the form 
w XU x. Checking that such a subformula is true cannot be done directly 
or in the next position in general because the “satisfaction point” for an 
XU-formula—the position where x becomes true—can be in the far future. 
Of course, by keeping w XU y in the state the automaton can remember 
the obligation to eventually reach a satisfaction point, but the acceptance 
condition is the only feature of the automaton which can be used to really 
check that reaching the satisfaction point is not deferred forever. 

The complete construction is described in Figure 17; it uses sub(y) to 
denote the set of all subformulas of a formula vy including ¢ itself. Note that 
for every XU-subformula 7 XU x there is a separate acceptance set, which 
contains all states which do not have an obligation for eventually satisfying 
this subformula or satisfy it in the sense that x is an obligation too. 


Theorem 4.4 (Gerth-Peled-Vardi-Wolper, [49]). Let P be a finite set of 
propositional variables and y an LTL formula over P with n subformulas 
and k XU-subformulas. Then [|v] is a generalized Biichi automaton with 
2” states and k acceptance sets such that 2(@/[y]) = L(y). 
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Let P be a finite set of propositional variables and y an LTL 
formula over P in positive normal form. The generalized 
Biichi automaton for y with respect to P, denoted æ |ọ], is 
defined by 


Ay) = (27,2) Q7 A, F) 


where a triple (Y,a, Y’) with U,W’ C sub(y) and a € 2? 
belongs to A if the following conditions are satisfied: 


(i) fe t, 


(ii) p € Y iff p € a, for every p € P, 


) 
) 
(iii) if Y V x € Y, then yE Y or x€ Y, 
(iv) if Y Ax EW, then Y € Y and x E€ Y, 
(v) if YXU x EW, then y E Y or {4, Y XU y} CW, 
(vi) if Y XR x, then {, x} C V or {x, Y XRX} CW’, 


and where 


Qr = {WV Csub(y): p E€ P}, 
F = {Fyxux: Y XU XE sub(y)}, 


with Fyxux defined by 


Fyuxuy = {¥ C sub(y): x € sub(y) or Y XU x ¢ Y}. 


FIGURE 17. From LTL to generalized Büchi automata 


Proof. We first show L(A |y]) C L(y). Let u € Z (A |p]) and let r be an 
accepting run of &[y] on u. We claim that for every i, if w € r(i), then 


u,i 


H w. The proof is by induction on the structure of w. If w = tt, y = ff, 


w = p, or = 7p, then this follows directly from (i) or (ii). If y = y V¢, the 
claim follows from the induction hypothesis and (iii). Similarly, the claim 
holds for a conjunction. 


Assume Y% = x XR¢. Then (vi) tells us that 


(a) x XR Gi C r(j) for every j >i or 
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(b) there exists j > i such that x XR¢ C r(i’) for i’ with i < i’ < j and 
XÇ € r(j). 


From the induction hypothesis and (a), we can conclude that we have 
u,v’ H ¢ for all 7’ > i, which means u,i H w. Similarly, from the in- 
duction hypothesis and (b), we can conclude that we have u,i’ = ¢ for all 
v such that i <i’ < j and u, j H x, which implies u,i = Y, too. 

Finally, assume | = x XU ¢. From (v), we obtain that 


(a) xXU¢ € r(j) for all j >i or 


(b) there exists j such that x XU ¢ € r(2’) for all 2’ with i < i’ < j and 
Ger). 


Just as with XR, we obtain u,i = ~ from the induction hypothesis and (b). 
So we only need to show that if (a) occurs, we also have (b). Since r 
is accepting, there is some © € Fyxuc such that r(j) = Y for infinitely 
many j. Assuming (a), we can can conclude Ç € Y, which, by induction 
hypothesis, means we also have (b). 

For the other inclusion, L(y) C &(# [y]), we simply show that for a 
given u such that u = ọ the word r defined by r(i) = {4 € sub(y): u, i H Y} 
is an accepting run of æ% |p] on u. To this end, we need to show that 


(a) r starts with an initial state, 
(b) (r(i), u(i), r(i + 1)) € A for all i, and 


(c) r(i) € Fyxuy for infinitely many i, for every formula w XU y € sub(y). 


That (a) is true follows from the assumption u } ọ. Condition (b) is 
true simply because of the semantics of LTL. To see that (c) is true, let 
w XU x E sub(y). We distinguish two cases. First, assume there exists i 
such that u,j A x for all j > i. Then u,j  w XU x for all j > i, hence 
r(j) € Fyxuy for all j > i, which is enough. Second, assume there are 
infinitely many i such that u,i = x. Then x € r(i) for the same values of i, 
which is enough, too. Q.E.D. 


Generalized Biichi automata can be converted into equivalent Biichi au- 
tomata in a straightforward fashion. The idea is to check that every ac- 
ceptance set is visited infinitely often by visiting these sets one after the 
other, in a fixed order, and repeating this process over and over again. In 
Figure 18, a respective construction is described. The second component 
of the state space is a counter which is used to keep track of the accep- 
tance set to be visited next. When this counter reaches its maximum, every 
acceptance set has been visited once, and it can be reset. 
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Let & be a generalized Büchi automaton with F = 
{Fo,..., Fk-1}. The Biichi automaton o/®4 is defined by 


APA = (A,Q x {0,...,k},Qr, A, Q x {k}) 


where A’ contains for every (q,a,q’) € A the following tran- 
sitions: 


e ((¢,k), a, (4,0), 
e ((q,7),a,(q’,7)) for every i < k, 


e ((q,2),a,(q’,i+1)) for every i < k such that q’ € Fj. 


FIGURE 18. From generalized Biichi to ordinary Biichi automata 


Remark 4.5. Let be a generalized Biichi automaton with n states and 
k acceptance sets. Then o®4 is an equivalent Biichi automaton with at 
most (k + 1)n states. 


Corollary 4.6 (Vardi-Wolper, [124, 126]). There exists an effective pro- 
cedure that given an LTL formula y with n states and k XU-subformulas 
outputs a Biichi automaton & with at most (k + 1)2” states such that 
L(A) = L (p). 


4.3 From LTL to alternating automata 


The above translation from LTL into Biichi automata serves our purposes 
perfectly. We can use it to derive all the desired results about the complexity 
of the problems we are interested in, satisfiability, model checking, and 
realizability, as will be shown in the next subsection. There is, however, a 
translation using alternating automata, which is interesting in its own right. 
The motivation behind considering such a translation is to pass from the 
logical framework to the automata-theoretic framework in an as simple as 
possible fashion (to be able to apply powerful automata-theoretic tools as 
early as possible). 

Alternating automata are provided with a feature to spawn several copies 
of themselves while running over a word. Formally, an alternating Büchi 
automaton is a tuple 


A = (P,Q, 41,5, F) 
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where P, Q, and qr are as usual, F is a Biichi acceptance condition, and 6 is 
a function which assigns to each state q a transition condition, where every 
transition condition ô(q) is a positive boolean combination of formulas of 
the form p and =p, for p € P, and Oq, for q € Q. More precisely, the set of 
transition conditions over P and Q, denoted TC(P, Q), is the smallest set 
such that 


(i) tt, ff € TC(P, Q), 
(ii) p, ap E€ TC(P, Q) for every p € P, 
(iii) Oq E€ TC(P, Q) for every q€ Q, 
(iv) YAY, yV y E TC(P, Q) for 7,7 € TC(P, Q). 


A run of such an automaton on a word u € (2”)” is a tree Z labeled with 
elements from (Q U TC(P, Q)) x w such that 1” (root(2)) = (qr, 0) and the 
following conditions are satisfied for every v € VŽ, assuming 17 (v) = (y, i): 

(i) 1 A ff, 
(ii) if y = p for some p € P, then p € u(t), 


(iii) if y = =p for some p € P, then p ¢ u(t). 


— 


fy = Od’, then v has a successor v’ such that 17 (v') = (q',i +1), 


m. 


(v 


) 
) 
) 
(iv) if y = q, then v has a successor v’ such that 17 (v’) = (6(q), i), 
) 
(vi) 


— 


fy = yoA 1, then v has successors vo and vı such that 17 
for j < 2, 


me 


vj) = (1554) 


(vii) if y = yo V 71, then there exists j < 2 such that v has a successor v’ 
with 17 (v) = (yj, i). 


An infinite branch b of Z is accepting if there are infinitely many i such that 
17 (b(i)) € F x w, in other words, there are infinitely many vertices with a 
final state in the first component of their labeling. The run is accepting if 
every infinite branch of it is accepting. 

As a simple example, consider the language Lio over 2” where P = {p} 
which contains all words u satisfying the following condition: There exists 
some number i such that p € u(j + 10) for all j > i with p € u(y). If 
we wanted to construct a nondeterministic automaton for this language, we 
could not do with less than 1000 states, but there is a small alternating au- 
tomaton that recognizes this language. It simply guesses the right position 
i and for each position j it spawns off a copy of itself checking that after 10 
further steps p holds true again. The details are given in Figure 19. 
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The automaton has states q7,qo,q1,---,qıo Where qo is the 
only final state and the transition function 6 is defined by 


e õ(qr) = Oar V Oqo, 

e (qo) = Oqo A ((PA Oq) V =p), 

e 6(qi) = Oqi+ı for all i such that 0 < i < 10, 
e 0(q10) = P. 


FIGURE 19. Example for an alternating automaton 


It is (vi) from above which forces the tree to become a real tree, that is, 
it requires that a vertex has two successors (unless yo = 71). So this is the 
condition that makes the automaton alternating: For a run to be accepting, 
both alternatives have to be pursued. 

The translation from LTL to alternating Büchi automata, given in Fig- 
ure 20, is straightforward as it simply models the semantics of LTL. It ex- 
ploits the fact that YXU x and YXRy are equivalent to Xx V (XYAX(YXUx)) 
and Xx A (Xy V X(W XR x)), respectively. Note that we use the notation 
[y] to distinguish subformulas of y from transition conditions (po A pı is 
different from [po A p1}). 

The transition function of ./?'*{y] has an interesting property, which we 
want to discuss in detail. Let < be any linear ordering which extends the 
partial order on Q defined by [w] < [x] if y € sub(x). For every 7) € sub(y) 
and every [x] occurring in 6([~]), we have [x] < [y]. Following Gastin and 
Oddoux [48], we call an automaton satisfying this property a very weak 
alternating automaton. 

The transition function of *'*[y] has an even stronger structural prop- 
erty, which we explain next. For a given symbol a € 2?, a transition 
condition y, a state q E€ Q, and a set Q’ C Q, we define what it means 
that Q’ is an a-successor of q with respect to y, denoted q >®7 Q’. This is 
defined inductively: 


eg — att B, 
e qg—*? Ø if p € a, and, similarly, q >®7? Ø if p ¢ a, 
sge da}; 


e gen Q if g 3% Q orq > Q, 
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Let y be an LTL formula in positive normal form over P and 
Q the set which contains for each y € sub(y) an element 
denoted [y]. The automaton «/*"*[A] is defined by 


Ty] = (P,Q, [y], ô, F) 


O({tt]) = tt, O((ff]) = ff, 
6([p]) = p, 6([>p]) = =p, 
âll v xl) = d([¢]) v allyl), ally Ax) = allel A eC], 


5([ XU x]) = Ofxl] v (Ofy] A Oly XU x]), 


d([ XR x]) = Oly] A (Ole) v Ole XR x]), 


and F contains all the elements |y] € Q where w is not a 
XU-formula. 


FIGURE 20. From an LTL formula to an alternating automaton 


e q =^ Q if there exists Qo, Qı C Q such that Q’ = Qo U Qi, 
q 8 Qo, and q>* Qh. 


Note that q —*7 Q’ has a natural interpretation in terms of runs. If a 
vertex v of a run is labeled (q,i) and Q’ is the set of all states q’ such that 
(q’,i+1) is a label of a descendant of v, then q >“ 7 Q’, provided, of course, 
that the run is minimal, which we can and will henceforth assume without 
loss of generality. 

We use q >° Q' as an abbreviation for q ~%° Q’. We say a state q is 
persistent if there exists Q’ such that q € Q’ and q —* Q’ for some letter a. 

Using the new notation, we can give an equivalent definition of being a 
very weak alternating automaton. It simply means that there exists a linear 
ordering < on the states of the automaton such that if q =>" Q’, then q’ < q 
for all qd’ € Q’. 

The automaton ./*'*[y] has the following property. For every persistent 
state q € F there exists a state q’ such that 


(i) q —° {q} for every letter a and 


(ii) whenever q >*% Q’, then either q E Q’ or Q! = {q'}. 
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(Every q ¢ F is of the form [y XU x], which means that we can choose 
qd = [x]-) We call very weak alternating automata that have this property 
ultra weak alternating automata and a state as q’ above a discharging state 
for q and denote it by q°@. 


Lemma 4.7. Let y be an LTL formula with n subformulas. Then /*!*[y] is 
an ultra weak alternating automaton with n states such that Z(.o/*"*[y]) = 


2 (¢). 


Proof. We only need to prove its correctness, which we do by an induction 
on the structure of y. We start with a simple observation. Let & be 
an accepting run of o/'*[y] on u and v € V? labeled ([y], i) for some 
w € sub(y). Then #|v can be turned into an accepting run of o/*!*{y] 
on ult, *) by changing each second component j of a vertex label to j — i. 
Clearly, for this to be true Z needs to be minimal (see above). 

For the induction base, first assume y = tt or y = ff. There is nothing 
to show. Second, assume ọ = p and suppose u |= y. Then p € u(0), that is, 
the two-vertex tree where the root is labeled ([p],0) and its only successor 
is labeled (p,0) is an accepting run of /*"*[y] on u. Conversely, if Z is a 
(minimal) run of *!*[y] on u, then Z has two vertices labeled ([p],0) and 
(p,0), respectively. This implies p € u(0), which, in turn, implies u = y. 
An analogous argument applies to ~p. 

In the inductive step, first assume y = Wo A vy. If there exists an 
accepting run Z of 2/?!*[y] on u, then, because of 6([y]) = (lyol) A 4((v1]), 
the root has successors vo and vı such that 17 (v;i) = (d([vi]),0). For every 
i, we can turn Z |v; into an accepting run 2; of 2?!'*[y;] on u by adding a 
new root labeled ([y;], 0). By induction hypothesis, we obtain u = y; for 
every i, hence u — wy. Conversely, assume u = y. Then u = y; for i < 2, 
and, by induction hypothesis, there exist accepting runs 2; of ° fpi] on 
u for i < 2. These runs can be turned into an accepting run of sty] 
on u by simply making their vertex sets disjoint, removing their roots, and 
adding a new common root labeled ([y}, 0). 


A similar argument applies to formulas of the form Yo V 1. 

Next, assume y = YXU y. Suppose Z is an accepting run of A*t |y] on u 
and let vo be the root of this run. Also, let u; = uli, *) for every i. Then, by 
definition of accepting run, 1” (vo) = ([YXUx], 0). From the definition of the 
transition function we can conclude that vg has a successor, say v1, which 
is labeled by (O[x] v (O[2)] A O[w XU x]), 0), which, in turn, has a successor, 
say v2, which is labeled by either (O[x],0) or (O[¢] A Oly XU x],0). In 
the first case, there is a further successor labeled ([y],1) and we obtain 
u1 = x from the induction hypothesis, hence, u = y. In the second case, 
we know there exist successors v3 and v4 of v2 labeled (O[t) XU x], 0) and 
(O[w],0), respectively, which themselves have successors v4 and v4 labeled 
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(lY XU x], 1) and ([4], 1), respectively. By induction hypothesis, we obtain 
uı = Y. Applying the same arguments as before, we find that either there 
is a vertex labeled ([x],2) or there are vertices vg and vg labeled |(Y XU 
x,2)] and ([w],2), respectively. In the first case, we get u = y because 
we also know u1 | Y, whereas in the second case we can again apply the 
same arguments as before. Continuing in this fashion, we find that the 
only case which remains is the one where we have an infinite sequence of 
vertices v4, Vg, V12;... on the same branch and every vertex with label in 
Q x w is labeled ([y],2), which means that this branch is not accepting—a 
contradiction. 

For the other direction, assume u } y and use the same notation as 
before. Then there is some j > 0 such that uj = x and u; = w for all 2 
with 0 <i < j. By induction hypothesis, there are accepting runs #; for i 
with 0 <i < j of #*"*[y] on u; and an accepting run Z; of e/?!*[y] on uj. 
Assume that v1,...,v; are the roots of these trees and assume that their sets 
of vertices are pairwise disjoint. Then we can construct an accepting run # 
for *'*[y] on u as follows. The vertices of Z are the vertices of the #,’s 
and, in addition, the vertices wo, wo, Wg, Wo’, Wo, W1,- ++, Wj—1, Wh 1, W41- 
The labeling is as follows: 


e w; is labeled ([y],2) for i < J, 
e wi is labeled (O[x] v (Of) A O[y]), i) for i < j, 
e wy’ is labeled (O[w] A Ofy], i) for i < j — 1, 
e w;” is labeled (Ofọ], i) for i < j — 1, 
e w; is labeled (O[y],i) for i < j — 1, and 
e w7 is labeled (O[x],7 — 1). 
The tree Z has all edges from the &;,’s and, in addition, 


AA 


e edges such that wowgwgo wo’... wj-1w; w7. 


4-105 is a path and 
e edges (wi, w;) and (w;,v;) for every i < j. 
This yields an accepting run of /*!*[y] on u. 
Finally, XR can be dealt with in a similar fashion. Q.E.D. 


It is not very difficult to translate alternating Büchi automata into non- 
deterministic Büchi automata, as was shown by Miyano and Hayashi [87], 
but it yields a worse upper bound compared to a translation from ultra 
weak alternating automata to Büchi automata. This is why we present the 
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Let & be an ultra weak alternating automaton over a fi- 
nite set P of propositional variables. The generalized Büchi 
automaton for <, denoted o&/2%®4, is defined by 


where 


e the transition relation A contains a transition 
(Q’,a,Q”) if for every q E€ Q’ there exists a set Qy 
such that q ~%° Q, and Uco Qa E Q” and 


e the set F of acceptance sets contains for every q ¢ F 
the set F} defined by {Q' C Q: EQ or g ¢ Q'}. 


FIGURE 21. From ultra weak to generalized Büchi automata 


latter. Another advantage of this translation is that it can be simplified by 
going through alternating generalized Büchi automata. 

The main idea of the translation from ultra weak alternating automata to 
(generalized) Büchi automata is to use a powerset construction to keep track 
of the individual branches of an accepting run of the alternating automaton. 
There are two technical problems that we face in the translation. First, we 
need to take care of the vertices in the runs which are not labeled with a 
state (but with a transition condition), and, second, we need to take care 
of the acceptance condition. The first problem is similar to removing €- 
transitions and the second problem can be solved by using the fact that the 
automata are ultra weak. The entire construction is described in Figure 21. 


Lemma 4.8. Let & be an ultra weak alternating automaton with n states 
and k final states. Then 8B4 is an equivalent generalized Biichi automaton 
with 2” states and k acceptance sets. 


Proof. The claim about the number of states and the number of acceptance 
sets is obvious. We only need to show that the translation is correct. 
First, assume u € (æ). Then there is an accepting run # of & on 
u (which we assume to be minimal again). We say a vertex v € V® isa 
state vertex if the first component of its label is a state. Let Z’ be the 
tree which is obtained from & by “removing” the non-state vertices while 
keeping their edges. Formally, Z’ is constructed inductively as follows. We 
start with the root of Z, which is a state vertex by definition. Then, once 
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we have a vertex v of &’, we add all state vertices v’ of Z as successors of 
v to &' which can be reached from v in & via a path without state vertices 
(not counting the first and last vertex). 

The tree Z’ has the following property. When v is a vertex labeled (q, i) 
and {vo,...,Um—1} is the set of its successors where v; is labeled (q;,7;), 
then q >" {qo,...,dm—1} and ij = i+ 1 for every j < m. This is because 
the definition of =®7 simply models the requirements of a run. 

Using the above property of 2’ we can easily construct a run r of e284 
on u as follows. We simply let r(z) be the set of all q such that there exists 
a vertex v in Z’ labeled (q, i). By definition of 78®4, this is a run. What 
remains to be shown is that r is an accepting run. 

Assume q ¢ F and i is an arbitrary number. We have to show that 
there exists j > i such that r(j) € Fy. If there is some j > i such that 
q €r(j), this is true. So assume that q € r(j) for all j > i. By construction 
of & there exists a vertex vo in & which is labeled (q,7). If one of the 
successors of vo is labeled qf in the first component, then r(i +1) € Fy, 
which is enough. If, on the other hand, all successors are labeled distinct 
from qf in their first component, then, since ./ is assumed to be ultra weak, 
one of the successors, say v1, is labeled q in the first component. We can 
apply the same argument as before to vı now. We find that r(i +2) € F; 
or we find a successor v2 of vı with q in the first component of its label, 
too. If we continue like this and we do not find r(j) such that r(j) € Fy, 
we obtain an infinite path vovi ... in & where every v; is labeled q in the 
first component. This path can be prefixed such that it becomes a branch 
of Z, and this branch is not accepting—a contradiction to the assumption 
that Z is accepting. 

For the other direction, assume u € (2”)” is accepted by o/%?4 and let r 
be an accepting run of /8?4 on u. For every i and every q € r(i), let Qi, be 
a set such that q +%9.5@ Qi for all q € r(i) and U{Qi: q € r()} C rò). 
By definition of ./%°4, such sets exist. For some combinations of q and i 
there might be several choices for Qi. By convention, if q% € r(i +1), we 
let Qi = {qf}, which is a possible choice since / is assumed to be ultra 
weak. Using these sets, we construct a tree & from r inductively as follows. 
We start with the root and label it (q7,0). If we have a vertex v labeled 
(q, i), we add a successor to v for every q' € Qj, and label it (q’,i +1). By 
expanding &’ according to the semantics of the transition conditions, we 
obtain a tree Z which is a run of & on u. It remains to be shown that this 
run is accepting. Assume this is not the case. Then, because & is ultra 
weak, there is a non-final state q, a branch vovi... of Z’, and a number 
i such that the label of v; is (q,j) for all j > i. This implies q € Q4 for 
all j > i. Since r is accepting, we know that there exists 7 > i such that 
q £ r(j) or q% € r(j). The first condition is an immediate contradiction. So 
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assume q@ € r(j) for some j > i. Since we have q € r(j — 1), we also have 
Qi = {q} by construction—a contradiction. Q.E.D. 


Combining the previous lemma and Remark 4.5 yields an alternative 
proof of Corollary 4.6. Very weak alternating automata are interesting for 
another reason, too: 


Theorem 4.9 (Rohde, [103]). For every very weak alternating automaton 
æ there exists an LTL formula y such that Z (p) = L(A). 


This was also proved by Löding and Thomas [81] and a proof of it can be 
found in [30]. 


4.4 LTL satisfiability, model checking, and realizability 


We can now return to the problems we are interested in, satisfiability, va- 
lidity, model checking, and realizability. 


Theorem 4.10 (Clarke-Emerson-Sistla, [27]). LTL satisfiability is 
PSPACE-complete. 


Proof. Given an LTL formula y over a set P of propositional variables, 
we construct a Büchi automaton equivalent to y and check this automa- 
ton for nonemptiness. Clearly, this procedure is correct. To determine its 
complexity, we use the following simple fact from complexity theory. 


(t) Let f: A* — B* be a function computable in PSPACE and L C B* a 
problem solvable in nondeterministic logarithmic space. Then f~1(P) € 
PSPACE. 


When we apply (f) to the situation where f computes the above Biichi 
automaton equivalent to y and L is the problem whether a Biichi automaton 
accepts some word, then we obtain that our problem is in PSPACE. 


For the lower bound, we refer the reader to [27] or [106]. Q.E.D. 


For model checking, the situation is essentially the same as with S1S. 
When we are given a finite-state automaton J over the alphabet 2? for 
some finite set P of propositional variables and y is an LTL formula over 
P, we write 2 H ọ if u H ọ for all u € &(Y). LTL model checking is the 
problem, given Y and y, to determine whether 2 |= y, that is, whether 
L (D) © L(¢). 


Theorem 4.11. (Sistla-Clarke-Lichtenstein-Pnueli, [109, 80]) 


(1) LTL model checking is PSPACE-complete. 


(2) Given a formula y with n subformulas and a finite-state automaton 
2 of size m, whether 2 | ọ holds can be checked in time 2°™ m. 
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Proof. The same approach as in Section 2.1 yields the desired upper bounds. 
Given a finite set of propositional variables P, a finite-state automaton 2 
over 2? , and an LTL formula over P, we first construct the product & x 2 
where & is a Biichi automaton equivalent to ay. We have L (% x D) = Ø 
if and only if 2 |} y. So, to conclude, we apply an emptiness test. 

The number of states of the product is at most (k + 1)2” -m where n 
is the size of y, the number k is the number of XU-formulas in » (after 
transformation to positive normal form), and m is the number of states 
of 2. Using the same complexity-theoretic argument as in the proof of 
Theorem 4.10, we obtain part 1. 

Part 2 follows from the fact that an emptiness test for a Biichi automaton 
can be carried out in time linear in the size of the automaton. 


For the lower bound, we refer the reader to [27]. Q.E.D. 


Finally, we turn to realizability, which is defined as with S1S (see Sec- 
tion 2.4). An LTL realizability instance is an LTL formula over a set 
P = {po,.--;Pm—1;,40;--+;Qn—1} Of propositional variables. Just as ear- 
lier in this section, we interpret such formulas in words over [2]m+n, which 
means that a solution of such an instance is a function f: [2]7, — [2], satis- 
fying the requirement known from the S15 setting, that is, u~v = wy holds 
for every u € [2] and v € [2]% defined by v(i) = f(u[0,i]) for every i. 


We can use the same technique as in Section 3 to obtain the following result: 


Theorem 4.12 (Pnueli-Rosner, [99]). LTL realizability is complete for dou- 
bly exponential time. Moreover, for every positive instance a finite-state 
machine realizing a finite-state solution can be computed within the same 
time bound. 


Proof. Consider the following algorithm for solving a given instance y over 
{po,---;Pm—1;40;-+-;Qn—1}- First, consider the game |y] which is ob- 
tained using the construction from Figure 10 with the $15 formula replaced 
by the LTL formula. Second, compute a Biichi automaton & equivalent 
to y according to Corollary 4.6. Third, turn & into a deterministic par- 
ity automaton Z according to 2.14. Fourth, let Z = Y[y] x Z be the 
game obtained from expanding Y[y] by Z. Fifth, solve the game ¥ using 
Theorem 2.21. Player 0 wins Y if and only if ọ is a positive instance of 
realizability. 

To prove the desired complexity bound let n be the number of subformu- 
las of y and observe the following. The size of & is at most (n+1)2”. There- 
fore, the worst-case size of Z is 202" 18") and Z has at most 3(n + 1)2” 
priorities. Theorem 2.21 now gives the desired upper bound. 

The additional claim about the finite-state solution follows from Lem- 
mas 2.16 and 2.17. For the lower bound, see [104]. Q.E.D. 
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In the remainder of this section, we present an alternative approach to 
solving the realizability problem, which is interesting in its own right. 

Let y be an instance of the realizability problem as above. Formally, 
a solution of ọ is a function f: [2], —> [2],. Such a function is the same 
as a [2]-branching [2],-labeled tree (where the root label is ignored). In 
other words, the set of all solutions of a given instance of the realizability 
problem is a tree language. This observation transforms the realizability 
problem into the framework of tree languages and tree automata, and we 
can apply tree-automata techniques to solve it. 

Let t: [2]*, — [2]n be any [2],,-branching [2],-labeled tree. The tree 
can be turned into a potential solution to the instance ọ if the label of 
the root is forgotten. The resulting function is denoted by t-e. We set 
Zolo) = {t: [2], Qn: t-e solves p}. 

We next show that o(p) is a tree language which can be recognized 
by a universal tree automaton. We need, however, a more general notion of 
universal tree automaton as in Section 3.3. Also, we need to massage the 
formula y a little to arrive at a simple automata-theoretic construction. 


A universal co-Biichi tree automaton with set of directions D is a tuple 
(A, D,Q, 97,4, F) 


where A, Q, qr, and F are as usual, and where D is a finite set of directions 
and AC Qx Ax Dx Q is a transition relation. Following the definition 
from Section 3.3, a word r € Q” is said to be a run for branch u € D® 
if (r(2), t(u[O,2)), u(z), r(¢ + 1)) € A for every i and r(0) = qr. A tree is 
accepted if every r E€ Q” which is a run for some branch satisfies the co- 
Biichi acceptance condition. The latter means that r(i) € F only for finitely 
many 2. 

The technical problem one faces when constructing an automaton for 
Looi(y) is that a tree automaton has transitions of the form (q,a,d,q’), 
so, when applied to the above setting, in one transition the automaton 
consumes an output of the device we are looking for and the next input. 
For our construction it would be much better to have automata that in 
one transition consume an input and a corresponding output. Rather than 
modifying our standard automaton model, we resolve the issue on the logical 
side. For a given formula y = y(po,-.--,Pm—1;%0;---;Qn—1) we consider the 
formula y* defined by 


y* = (po, sR »Pm—1; Xqo, see »Xdn—1)- 


(Recall that X stands for the temporal operator “next”.) This formula 
moves the output one position to the right, more precisely, 


Lp) = {Pad a?...: OP Aad a} ---€ LX}. (12) 
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Let y = v(po,---;Pm—1;90,---+;Gn—1) be an instance of the 
LTL realizability problem and æ a Biichi automaton such 
that (A) = L£(-~*). The universal co-Biichi tree au- 
tomaton for y, denoted ./*°"[y], is defined by 


Ao] = (Bjr, (2m, Q, qr, A, F) 


where 


A’ = {(q,a,d,q'): (q, d^a, qd) € A}. 


FIGURE 22. From an LTL realizability instance to a universal tree automa- 
ton 


A universal co-Büchi tree automaton for a given LTL formula y as above 
is now easily constructed, as can be seen in Figure 22. 


Lemma 4.13. Let y = y(po,---;Pm—1;40;--+>Qn—1) be an instance of the 
LTL realizability problem. Then Z (Ajip) = Zoly). Q.E.D. 


Universal co-Büchi tree automata for D-branching trees as defined above 
are a special case of universal parity tree automata for D-branching trees, 
which can be turned into nondeterministic parity tree automata for D- 
branching trees in the same fashion as this was explained for automata on 
binary trees in Figure 16. The same is true for the emptiness test for parity 
tree automata on D-branching trees, which can be solved by constructing 
a parity game along the lines of the construction depicted in Figure 13 and 
solving this game. 


4.5 Notes 


The automata-theoretic decision procedure for LTL model checking de- 
scribed in this section has had a great practical impact, because it has 
been implemented in an industrial setting, see, for instance, [57], and used 
to verify real-world computing systems (mostly hardware). Much research 
has gone into improving the algorithm in several respects, but also into 
extending its applicability, for instance, more expressive logics and larger 
classes of devices have been looked at, see, for instance, [14, 25, 44, 70]. It is 
also noteworthy that LTL is the basis for industrial specification languages 
such as ForSpec [2] and PSL [34] and that the automata-theoretic approach 
underlies industrial implementations of specification languages [3]. 
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An important aspect of this section is the use of alternating automata, 
which were introduced into the theory of automata on infinite objects by 
Muller and Schupp [90]. The only gain from this presented in the current 
section is Theorem 4.9, but this is probably the least important aspect in 
this context. What is more important is that weak alternating automata 
are as powerful as nondeterministic Buchi automata, which was proved by 
Kupferman and Vardi [72, 73]. This result motivated new research, which, 
for instance, brought about new complementation constructions [72, 73, 
121]. As we see in the remaining two sections, alternation is even more 
important in the context of tree languages. 

We refer to [123] for a collection of open algorithmic issues with regard 
to automata-theoretic LTL model checking. 


5 Computation tree logic 


Certain temporal properties of a system cannot be specified when runs of 
the system are considered separately, as we do this with LTL. For instance, 
when one wants to specify that no matter which state a system is in there 
is some way to get back to a default state, then this cannot be stated in 
LTL. The reason is that the property says something about how a run can 
evolve into different runs. 

This observation motivates the introduction of specification logics that 
compensate for the lack of expressive power in this regard. The first logic of 
this type, called UB, was introduced by Ben-Ari, Manna, and Pnueli [7] in 
1981. Another logic of this type is computation tree logic (CTL), designed 
by Clarke and Emerson [36], which is interpreted in the “computation tree” 
of a given transition system. This is the logic we study in this section, in 
particular, we study satisfiability and model checking for this logic. 

Many of the proofs in this section are very similar to proofs in the 
previous section. In these cases, we only give sketches, but describe the 
differences in detail. 


5.1 CTL and monadic second-order logic 


CTL mixes path quantifiers and temporal operators in a way such that a 
logic arises for which model checking can be carried out in polynomial time. 
The syntax of CTL is as follows: 


e tt and ff are CTL formulas, 

e every propositional variable is a CTL formula, 

e if y is a CTL formula, then so is 7y, 

e if y and wy are formulas, then so are pV w, E(y XUV), and A(y XU 4). 
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CTL formulas are interpreted in transition systems, which we introduce 
next. Such a system is a simple, state-based abstraction of a computing 
device. Formally, it is a tuple 


JZ =(P,S,>,1) 


where P is a finite set of propositional variables, S is a set of states, — C 
S x S is a transition relation in infix notation, and l: S — 2” is a labeling 
function assigning to each state which propositional variables are true in it. 
A computation of such a transition system starting in a state s is a word 
u E€ St U S% such that 


(i) u(0) =s, 
(ii) u(i) — u(i + 1) for all i with i+1 < |u|, and 


(iii) u is maximal in the sense that if u is finite, then u(x) must not have 
any successor. 


Given a CTL formula y, a transition system .% over the same set P of 
propositional variables, and a state s of Z, it is defined whether y holds 
true in Z at s, denoted Z, s H ¢y: 


e Zs tt and Z, s j ff, 


e Y,sEpif pe lls), 
e F, s= vif F, s ky, 


e Z sEuvVyif %,s Ew or %,s Hx, fory and x CTL formulas, 


e .%,s H E(w XU x) if there exists a computation u of Z starting at 
s and j > 0 such that .Y%,u(j) = x and Z, u(i) H| w for all i with 
O0<i<j. 


e %,5 H A(w XU y) if for all computations u of Z starting at s there 
exists j > 0 such that .%,u(j) = x and Z, u(i) = y for all i with 
O<i<j. 


Just as with LTL, other operators can be defined: 
e “in all computations always” is defined by AGy = y A 7E(tt XU 79), 


e “in some computation eventually” is defined by EFy = pV E(tt XU y). 
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An interesting property one can express in CTL is the one discussed above, 
namely that from every state reachable from a given state a distinguished 
state, indicated by the propositional variable pg, can be reached: 


AGEF pu. (1.3) 


Another property that can be expressed is that every request, indicated by 
the propositional variable p,p, is eventually acknowledged, indicated by the 
propositional variable pa: 


AG(p, > AX AF pa). (1.4) 


It is interesting to compare the expressive power of CTL with that of 
LTL. To this end, it is reasonable to restrict the considerations to infinite 
computations only and to say that a CTL formula y and an LTL formula 
w are equivalent if for every transition system .” and every state s € S$ 
the following holds: .%,5 — p iff I(u(0))l(u(1))... H y for all infinite 
computations u of Z starting in s. 

The second property from above can be expressed easily in LTL, namely 
by the formula G(p, — XF pq), that is, this formula and (1.4) are equivalent. 
Clarke and Draghicescu showed that a CTL property is equivalent to some 
LTL formula if and only if it is equivalent to the LTL formula obtained 
by removing the path quantifiers [26]. But it is not true that every LTL 
formula which can be expressed in CTL is expressible by a CTL formula 
which uses universal path quantifiers only. This was shown by Bojanczyk 
[10]. 

An LTL formula which is not expressible in CTL is 


GFp, (1.5) 


which was already pointed out by Lamport [77]. 

In order to be able to recast satisfiability and model checking in a (tree) 
automata setting, it is crucial to observe that CTL formulas cannot dis- 
tinguish between a transition system and the transition system obtained 
by “unraveling” it. Formally, the unraveling of the transition system 7 at 
state s E€ S, denoted F%(.%), is the tree inductively defined by: 


e sis the root of Z(.A%), 


e if v € S* is an element of V7(”) and v(*) => s’, then vs! € V79(7) 
and (v, vs’) € EZP), 


e 17) (v) = 17 (v(*)) for every v € V7), 


Henceforth, a tree with labels from 2? , such as the unraveling of a transition 
system, is viewed as a transition system in the canonical way. When we 
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interpret a CTL formula in a tree and do not indicate a vertex, then the 
formula is interpreted at the root of the tree. 

The formal statement of the above observation can now be phrased as 
follows. 


Lemma 5.1. For every CTL formula y, transition system .”, and state 
sES, 


F,s =p iff TAF) E y. 


Proof. This can be proved by a straightforward induction on the structure 
of y, using a slightly more general claim: 


Z Ho if F(S)veEy 


for every state s’ € S' and every vertex v of 7%(.%) where u(*) = s’. Q.E.D. 


The previous lemma says that we can restrict attention to trees, in 
particular, a CTL formula is satisfiable if and only if there is a tree which is 
a model of it. So when we translate CTL formulas into logics on trees which 
satisfiability is decidable for, then we also know that CTL satisfiability is 
decidable. 

We present a simple translation of CTL into monadic second-order logic. 
There is, however, an issue to be dealt with: S2S formulas specify properties 
of binary trees, but CTL is interpreted in transition systems where each 
state can have more than just two successors. A simple solution is to use 
a variant of S2S which allows any number of successors but has only a 
single successor predicate, suc. Let us denote the resulting logic by SUS. 
As with LTL, we identify the elements of 2? for P = {po,...,Pn—1} with 
the elements of [2],,. 


Proposition 5.2. Let P = {po,...,pn—1} be an arbitrary finite set of 
propositional variables. For every CTL formula y over P an SUS formula 
p = P(Xo,...,Xn-1) can be constructed such that Z = ọ if and only if 
J | @ for all trees Z over 2? (or [2],). 


Proof. What we actually prove is somewhat stronger, analogous to the proof 
for LTL. We construct a formula ¢ = (Xo, ..., Xn—-1, £) such that Z,v = 
y if and only if 7,v = ¢ for all trees Z and v € V7. We can then set 
G = Ax(Yroot(x) A Ê) where Yroot(x) = Vy(—suc(y, x)) specifies that x is the 
root. 

For the induction base, assume y = p;i. We can set ~ to x € Xj. 
Similarly, for y = ~p; we can set ~ to 7x € Xj. 

In the inductive step, we consider only one of the interesting cases, 
namely where y = A(w XU x). We start with a formula Yelosed = Yclosea( X) 
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which is true if every element of X has a successor in X provided it has a 
successor at all: 


Pelosed = Vu(a E€ X A Ay(suc(a, y)) > dy(suc(x, y) Ay € X)). 


We next write a formula Ypatn(z,X) which is true if X is a maximum path 
starting in z: 


Ppath = T EXA Pelosed( X) A 
VY (x EY A Gctosed(Y) AY C X > X=Y). 


We can then set 


Ê = YX (Ypath(z, X) > 
Jz(z € X Anz = £ A &(z) A Yylæ < y < z > Wy))). 


The other CTL operators can be dealt with in a similar fashion. Q.E.D. 


The desired decidability result now follows from the following result on 
SUS. 


Theorem 5.3 (Walukiewicz, [128]). SUS satisfiability is decidable. 


This result can be proved just as we proved the decidability of satisfia- 
bility for S2S, that is, using an analogue of Rabin’s Theorem. This analogue 
will use a different kind of tree automaton model which takes into account 
that the branching degree of the trees considered is unbounded and that 
there is one predicate for all successors. More precisely, a transition in 
such an automaton is of the form (q,a, QE, Q^) where QE, Q^ C Q. Such 
a transition is to be read as follows: If the automaton is in state q at a 
vertex labeled a, then for every q’ € QE there exists exactly one successor 
that gets assigned q’ and all the successors that do not get assigned any 
state in this fashion get assigned exactly one state from Qô. In particu- 
lar, if QE = Q^ = Ø, then the vertex must not have a successor. In [128], 
Walukiewicz actually presents a theorem like Biichi’s and Rabin’s: He shows 
that there is a translation in both directions, from SUS formulas to such 
automata and back. 


Corollary 5.4. CTL satisfiability and model checking are decidable. 


That model checking is decidable follows from the simple observation 
that in SUS one can define the unraveling of every finite transition system. 
We conclude this introduction to CTL with further remarks on SUS and 
its relationship to CTL. There is a logic related to SUS which was already 
studied by Rabin and which he denoted SwS. This is the logic interpreted 
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in the countably branching tree w* where, for each i, there is a separate 
successor relation suc;(-,-). Observe that—as noted in [60]—in this logic 
one cannot even express that all successors of the root belong to a certain 
set, which can easily be expressed in CTL and SUS. 

Observe, too, that in SUS one can express that every vertex of a tree 
has at least two successors, namely by 


Va(Ayoryi(suc(x, yo) Asuc(2, y1) A yo = y1). 


This is, however, impossible in CTL. More precisely, CTL cannot distinguish 
between bisimilar transition systems whereas SUS can do this easily. 


5.2 From CTL to nondeterministic tree automata 


We next show how to arrive at good complexity bounds for satisfiability and 
model checking by following a refined automata-theoretic approach. For 
satisfiability, we can use nondeterministic automata and vary the approach 
we used for handling LTL in Section 4, while for model checking, we have 
to use alternating tree automata. 

As pointed out above, the nondeterministic tree automaton model we 
defined in Section 3 was suited for binary trees only, which is not enough 
in the context of CTL. Here, we need an automaton model that can handle 
trees with arbitrary branching degree. We could use the tree automaton 
model explained in Section 5.1, but there is another model which is more 
appropriate. Following Janin and Walukiewicz [59], we use a tree automaton 
model which takes into account that properties like the one mentioned at 
the end of Section 5.1 cannot be expressed in CTL. 


A generalized Biichi tree automaton in this context is a tuple 
B= (A, Q,Q1, A, F) 


where A, Q, Qr, and ¥ are as with generalized Biichi (word) automata and 
ACQx Ax 22@ x 2@ is a transition relation. 

A transition of the form (q,a, QE, Q^) is to be read as follows: If the 
automaton is in state q at vertex v and reads the label a, then it sends each 
state from QF to at least one of the successors of v and every successor of v 
is at least sent one of the states from QE U Q^; the same successor can get 
sent several states. 

Formally, a run of æ% on a tree J isa (Qx V7 )-labeled tree 2 satisfying 
the following conditions. 


(i) The root of Z is labeled (q, root(.7)) for some q € Qr. 


(ii) For every vertex w € V%, if (q,v) is the label of w, then there exists 
a transition (q, 17 (v), QE, Q^) € A such that: 
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(a) For every v’ € sucs7 (v) there exists w’ € sucs”(w) labeled 
(q, v’) for some q’ € QEU QÔ, that is, every successor of v occurs 
in a label of a successor of w. 


(b) For every q' € QE there exist v’ € sucs? (v) and w’ € sucs? (w) 
such that w’ is labeled (q', v). That is, every state from QE occurs 
at least once among all successors of w. 


Such a run is accepting if every branch is accepting with respect to the given 
generalized Büchi condition just as this was defined for generalized Büchi 
word automata. 

Observe that in this model the unlabeled tree underlying a run may not 
be the same as the unlabeled tree underlying a given input tree. Copies of 
subtrees may occur repeatedly. 

As an example, let P = {p} and A = 2” and consider the tree language L 
which contains all trees over A that satisfy the property that every branch is 
either finite or labeled {p} infinitely often. An appropriate Büchi automaton 
has two states, gg and q{p}, where qø is initial and q,,j is final, and the 
transitions are (q,a,{qa}) and (q,a, Ø, Ø) for any state q and letter a. 

The idea for translating a given CTL formula into a nondeterministic 
tree automaton follows the translation of LTL into nondeterministic word 
automata: In each vertex, the automaton guesses which subformulas of the 
given formula are true and verifies this. The only difference is that the path 
quantifiers E and A are taken into account, which is technically somewhat 
involved. The details are given in Figure 23, where the following notation 
and terminology is used. Given a set Ų of CTL formulas over a finite set 
P of propositional variables and a letter a € 2? we say that W is consistent 
with a if 


eo ffy, 
e p€ T iff p € a, for all p € P, and 


e for Y € Y, if y = po V Yı, then Y; E€ Y for some i < 2, and if 
Y = po A Yı, then {40, Y1} C Y. 


Further, a set Y’ is a witness for E(YXU x) if x € Y’ or {w, E(YXUx)} CW’. 
Similarly, Y’ is a witness for E(YXRx) if {~, x} C V’ or {x, E(WXRx)} € Y. 
The analogue terminology is used for A-formulas. When W is a set of CTL 
formulas, then Yeg denotes the formulas of the form E(YXU x) and E(YXRx), 
that is, the set of all E-formulas in W, and, similarly, Ya denotes the set of 
all A-formulas in W. 

The only interesting aspect of the construction is (iv) of the definition 
of a transition. It would be more natural to omit (iv), and, indeed, the 
construction would then also be correct, but the resulting automaton would 
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Let P be a finite set of propositional variables and y a CTL 
formula over P in positive normal form. The generalized 
Biichi tree automaton for y with respect to P, denoted x£ |p], 
is defined by 


Ag] = (2°, 2), Qr A, F) 
where Qr = {UW C 2™>(Y): p € Y} and 
F = {Feawxuy): QIY XU x] € sub(y) and Q € {E, A}} 
with 
Fowxux] = {Y C sub(y): x € Y or Qly XU x] ¢ Y}, 


and where A contains a transition (Y, a, QE, QÔ) if the fol- 
lowing conditions are satisfied: 


(i) Y is consistent with a, 


(ii) for every Y € Ye there exists Y’ € QF which witnesses 
it and Q^ contains all Y C sub(y) that contain a wit- 
ness for every Y € Va, 


(iii) every Y’ € QE witnesses every Y € Va, 


(iv) |QF| < |sub(y)el. 


FIGURE 23. From CTL to generalized Biichi tree automata 


be too large. On the other hand, (iv) is not a real restriction, because 
the semantics of CTL requires only one “witness” for every existential path 
formula. 

Before formally stating the correctness of the construction, we introduce 
a notion referring to the number of different states which can be assigned 
in a transition. We say that a nondeterministic tree automaton & is m- 
bounded if |Q=| < m holds for every (q,a,Q®,Q’) € A. 


Lemma 5.5. Let y be an arbitrary CTL formula with n subformulas, m 
E-subformulas, and k U-subformulas. Then [vy] is an (m + 1)-bounded 
generalized Büchi tree automaton with 2” states, k acceptance sets, and 
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Let & be a nondeterministic Biichi tree automaton. The 
emptiness game for &, denoted g|], is defined by 


Gol A] = (Q, A, qr, Mo U Mi, F) 


where 


Mo = {(4, Q5, Q^): 3a3Q^((q, a, QF, Q^) € A)}, and 
M =4{(Q,0: 4E Q} 


FIGURE 24. Emptiness game for nondeterministic Büchi tree automaton 


such that Z (A |pl]) = L(y). 


Proof sketch. The claim about the size of the automaton is trivial. The 
proof of its correctness can be carried out similar to the proof of Theo- 
rem 4.4, that is, one proves Y (A |p]) C -Z(p) by induction on the struc- 
ture of y and L(y) C Z(A|p]) by constructing an accepting run di- 
rectly. Q.E.D. 


It is very easy to see that the construction from Figure 18 can also be 
used in this context to convert a generalized Büchi tree automaton into a 
Büchi automaton. To be more precise, an m-bounded generalized Büchi 
tree automaton with n states and k acceptance sets can be converted into 
an equivalent m-bounded Büchi tree automaton with (k + 1)n states. 

So in order to solve the satisfiability problem for CTL we only need 
to solve the emptiness problem for Büchi tree automata in this context. 
There is a simple way to perform an emptiness test for nondeterministic tree 
automata, namely by using the same approach as for nondeterministic tree 
automata working on binary trees: The nonemptiness problem is phrased 
as a game. Given a nondeterministic Büchi tree automaton /, we define 
a game which Player 0 wins if and only if some tree is accepted by &. To 
this end, Player 0 tries to suggest suitable transitions while Player 1 tries to 
argue that Player 0’s choices are not correct. The details of the construction 
are given in Figure 24. 


Lemma 5.6. Let & be a nondeterministic Biichi tree automaton. Then 
the following are equivalent: 


(A) L(A) Ø. 
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(B) Player 0 wins Yg[]. 


Proof. The proof of the lemma can be carried out along the lines of the 
proof of Lemma 3.3. The only difference is due to the arbitrary branching 
degree, which can easily be taken care of. One only needs to observe that 
if there exists a tree which is accepted by /, then there is a tree with 
branching degree at most |Q| which is accepted. Q.E.D. 


We have the following theorem: 


Theorem 5.7 (Emerson-Halpern-Fischer-Ladner, [37, 45]). CTL satisfia- 
bility is complete for deterministic exponential time. 


Proof. The decision procedure is as follows. A given CTL formula y is first 
converted into an equivalent generalized Büchi tree automaton & using the 
construction from Figure 23. Then æ is converted into an equivalent Biichi 
tree automaton 4 using the natural adaptation of the construction pre- 
sented in Figure 18 to trees. In the third step, Z is converted into the Biichi 
game Yg|4], and, finally, the winner of this game is determined. (Recall 
that a Btichi condition is a parity condition with two different priorities.) 

From Theorem 2.21 on the complexity of parity games it follows imme- 
diately that Biichi games (parity games with two different priorities) can 
be solved in polynomial time, which means we only need to show that the 
size of ø| Z] is exponential in the size of the given formula y and can be 
constructed in exponential time. The latter essentially amounts to showing 
that Z is of exponential size. 

Let n be the number of subformulas of y. Then æ is n-bounded with 
2” states and at most n acceptance sets. This means that the number 
of sets Q’ occurring in the transitions of ~& is at most gn so there are 
at most 2” +2” transitions (recall that there are at most 2” letters in the 
alphabet). Similarly, @ is n-bounded, has at most (n + 1)2” states, and 
20(”*) transitions. 
The lower bound is given in [45]. Q.E.D. 


5.3 From CTL to alternating tree automata 


One of the crucial results of Emerson and Clarke on CTL is that model 
checking of CTL can be carried out in polynomial time. The decision pro- 
cedure they suggested in [28] is a simple labeling algorithms. For every 
subformula w of a given formula y they determine in which states of a given 
transition system . the formula w holds and in which it does not hold. 
This is trivial for atomic formulas. It is straightforward for conjunction 
and disjunction, provided it is known which of the conjuncts and disjuncts, 
respectively, hold. For XR- and XU-formulas, it amounts to simple graph 
searches. 
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Emerson and Clarke’s procedure cannot easily be seen as a technique 
which could also be derived following an automata-theoretic approach. Con- 
sider the nondeterministic tree automaton we constructed in Figure 23. Its 
size is exponential in the size of the given formula (and this cannot be 
avoided), so it is unclear how using this automaton one can arrive at a 
polynomial-time procedure. 

The key for developing an automata-theoretic approach, which is due 
to Kupferman, Vardi, and Wolper [71], is to use alternating tree automata 
similar to how we used alternating automata for LTL in Section 4 and to 
carefully analyze their structure. 


An alternating Btichi tree automaton is a tuple 
A= (P,Q, qr, 6, F) 


where P, Q, qr, and F are as usual and ô is the transition function which 
assigns to each state a transition condition. The set of transition conditions 
over P and Q, denoted TC(P, Q), is the smallest set such that 


(i) tt, ff € TC(P, Q), 

(ii) p, ap € TC(P, Q) for every p € P, 
) 
) 


(iii) every positive boolean combination of states is in TC(P, Q), 


(iv) Oy, Oy € TC(P,Q) where y is a positive boolean combination of 
states. 


This definition is very similar to the definition for alternating automata on 
words. The main difference reflects that in a tree a “position” can have 
several successors: © expresses that a copy of the automaton should be sent 
to one successor, while O expresses that a copy of the automaton should be 
sent to all successors. So © and O are the two variants of O. 

There is another, minor difference: For tree automata, we allow positive 
boolean combinations of states in the scope of © and O. We could have 
allowed this for word automata, too, but it would not have helped us. Here, 
it makes our constructions simpler, but the proofs will be slightly more 
involved. 

Let J be a 2?-labeled tree. A tree Z with labels from TC(P,Q) x 
V7 isa run of & on J if 1” (root(2)) = (qr, root(.Z7)) and the following 
conditions are satisfied for every vertex w € V? with label (y, v): 


e7 #ff, 


e if y = p, then p € 17 (w), and if y = —p, then p ¢ 17 (w), 
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e 
= 


if y = 7’, then there exists v’ € sucs7(v) and w’ € sucs” (w) such 
hat 1# (w') = (7',v’), 


ce 


e if y = OY’, then for every v’ € sucs? (v) there exists w’ € sucs? (w) 
uch that 1? (w) = (7’,v’), 


n 


e 
= 


if y = Yo V V1, then there exists i < 2 and w € sucs” (w) such that 
4(w') = (miv), 


e if y = y A 1, then for every i < 2 there exists w’ € sucs? (w) such 
that 17 (w) = (yi, v). 


~ 


Such a run is accepting if on every infinite branch there exist infinitely many 
vertices w labeled with an element of F in the first component. 

The example language from above can be recognized by an alternating 
Büchi automaton which is slightly more complicated than the nondetermin- 
istic automaton, because of the restrictive syntax for transition conditions. 
We use the same states as above and four further states, q, Up} qı, and 
q. The transition function is determined by 


6(qr) = 41 Vq, 
ldo) = dip} A (a1 V 9); 5(dtp}) = P, 
6(q1) = Og', 6(q/.) = ff, 
6(q) = (qr V dp} )- 


The state qı is used to check that the automaton is at a vertex without 
successor. 

In analogy to the construction for LTL, we can now construct an al- 
ternating tree automaton for a given CTL formula. This construction is 
depicted in Figure 25. 

Compared to the construction for LTL, there are the following minor 
differences. First, the definition of the transition function is no longer in- 
ductive, because we allow positive boolean combinations in the transition 
function. Second, we have positive boolean combinations of states in the 
scope of © and O. This was not necessary with LTL, but it is necessary here. 
For instance, if we instead had 6([E(WXUx)]) = Ofy] V(O[MJAC[E(wXUy)]), 
then this would clearly result in a false automaton because of the second 
disjunct. 

We can make a similar observation as with the alternating automata 
that we constructed for LTL formulas. The automata are very weak in the 
sense that when we turn the subformula ordering into a linear ordering < 
on the states, then for each state q, the transition conditions 6(q) contains 
only states q’ such that q > q’. 
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Let y be a CTL formula in positive normal form over P and 
Q the set which contains for each Y% € sub(y) an element 
denoted [y]. The automaton /*"*[y] is defined by 


fo] = (P, Q, [y], ô, F) 
where 


6({tt]) = tt, O((ff]) = ff, 


ôE XU x)]) = S(x] v y] A [EW XU x)])), 
ôl [ECY XR x)]) = OCI A (Lx) v [EY XR x)])), 
ôA XU x))) = A([x] v (y] A [A XU x)])), 
ôA XR x)]) = a(x] A ([x] v [A XR x)])), 
and F contains all the elements [y] where w is not an XU- 


formula. 


FIGURE 25. From CTL to alternating tree automata 


Lemma 5.8 (Kupferman-Vardi-Wolper, [71]). Let y be a CTL formula 
with n subformulas. The automaton /*"[y] is a very weak alternating tree 
automaton with n states and such that @(0/?!*[A]) = L(y). 


Proof. The proof can follow the lines of the proof of Lemma 4.7. Since the 
automaton is very weak, a simple induction on the structure of the formula 
can be carried out, just as in the proof of Lemma 4.7. Branching makes the 
proof only technically more involved, no new ideas are necessary to carry it 
out. Q.E.D. 


As pointed out above, it is not our goal to turn /*!*[y] into a nondeter- 
ministic automaton (although this is possible), because such a translation 
cannot be useful for solving the model checking problem. What we rather 
do is to define a product of an alternating automaton with a transition sys- 
tem, resulting in a game, in such a way that the winner of the product of 
Atip] with some transition system -Z reflects whether y holds true in a 
certain state sz of Z. 
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The idea is that a position in this game is of the form (y, s) where y is 
a transition condition and s is a state of the transition system. The goal is 
to design the game in such a way that Player 0 wins the game starting from 
(qr, Sr) if and only if there exists an accepting run of the automaton on the 
unraveling of the transition system starting at sz. This means, for instance, 
that if y is a disjunction, then we make the position (y,s) a position for 
Player 0, because by moving to one of the two successor positions he should 
show which of the disjuncts holds. If, on the other hand, y = 07’, then 
we make the position a position for Player 1, because she should be able to 
challenge Player 0 with any successor of s. The details are spelled out in 
Figure 26, where the following notation and terminology is used. Given an 
alternating automaton x, we write sub(/) for the set of subformulas of 
the values of the transition function of æ. In addition, we write subt (2) 
for the set of all y € sub(.#) where the maximum state occurring belongs 
to the set of final states. 

Assume 2 is a very weak alternating Biichi automaton. Then £ xs, S 
is not very weak in general in the sense that the game graph can be extended 
to a linear ordering. Observe, however, that the following is true for every 
position (q, s): All states in the strongly connected component of (q, s) are of 
the form (7, s’) where q is the largest state occurring in 7. So, by definition 
of & Xs, F, all positions in a strongly connected component of & Xs, S 
are either final or nonfinal. We turn this into a definition. We say that a 
Biichi game is weak if for every strongly connected component of the game 
graph it is true that either all its positions are final or none of them is. 


Lemma 5.9. Let & be an alternating Biichi tree automaton, Z a transi- 
tion system over the same finite set of propositional variables, and s; € S. 
Then F, (S) € L(A) iff Player 0 wins &% Xs, Z. Moreover, if æ% is a very 
weak alternating automaton, then & Xs, Z is a weak game. 


Proof. The additional claim is obvious. For the other claim, first assume & 
is an accepting run of Y on 7, (Z). We convert Z into a winning strategy 
o for Player 0 in # x. Z. To this end, let w be a vertex of & with label (y, v) 
such that (y,v) is a position for Player 0. Since & is an accepting run, w 
has a successor, say w’. Assume l” (w) = (7',v’). We set o(u) = (y, 0'(*)) 
where u is defined as follows. First, let n = |v|. Assume 1? (u(i)) = (yi, vi) 
for every i < n. We set u = (Yo, Vo(*)) (V1, V1 (*)) --. (Yn—1; Vn—1(*)). It can 
be shown that this defines a strategy. Moreover, since & is accepting, o is 
winning. 

For the other direction, a winning strategy is turned into an accepting 
run in a similar manner. Q.E.D. 


The proof shows that essentially there is no difference between a run 
and a strategy—one can think of a run as a strategy. From this point of 
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Let & be an alternating Biichi tree automaton, f a transi- 
tion system over the same set of propositional variables, and 
sy E€ S. The product of Y and Z at sz, denoted Y Xs, F, 
is the Biichi game defined by 


A Xs, F = (Po, Pi, (qr, 81), M,subt (2) x S) 
where 
e Pois the set of pairs (y, s) € sub() x S where y is 


(i) a disjunction, 


) 
(ii) a O-formula, 
(iii) p for p ¢ I(s), 
(iv) ap for p E€ I(s), o 
(v) ff 
and 

e P, is the set of pairs (y, s) € sub(.#) x S where y is 

(i) a conjunction, 

(ii 


) 
) 

(iii) p for some p E I(s), 
) 


-formula, 


v 


(iv) ap for some p ¢ I(s), or 
(v) tt. 


Further, M contains for every y € sub(@) and every s € S 
moves according to the following rules: 


e if y = q for some state q, then ((7, s), (8(q), s)) € M, 


e ify=7V 1 Or y= WAN, then ((7, 5), (Yi, s)) € M 
for i < 2, 


e ify = Oy or y = O7, then ((7, s), (7, 8’)) € M for all 
s! € sucs” (s). 


FIGURE 26. Product of a transition system and an alternating automaton 
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view, an alternating automaton defines a family of games, for each tree a 
separate game, and the tree language recognized by the tree automaton is 
the set of all trees which Player 0 wins the game for. 

The additional claim in the above lemma allows us to prove the desired 
complexity bound for the CTL model checking problem: 


Theorem 5.10 (Clarke-Emerson-Sistla, [28]). The CTL model checking 
problem can be solved in time O(mn) where m is the size of the transition 
system and n the number of subformulas of the CTL formula. 


Proof. Consider the following algorithm, given a CTL formula y, a transi- 
tion system .%, and a state sr E€ S. First, construct the very weak alter- 
nating Biichi automaton ./?!*[y]. Second, build the product /?"*[y] xs, F. 
Third, solve tjp] xs, Z. Then Player 0 is the winner if and only if 
S, 8, Fo. 

The claim about the complexity follows from the fact that the size of 
Atip] Xs, Z is mn and from Theorem 2.21. Note that weak games are par- 
ity games with one priority in each strongly connected component. Q.E.D. 


Obviously, given a CTL formula y, a transition system Z, and a state 
sr one can directly construct a game that reflects whether .%, sr H p. This 
game would be called the model checking game for Z, sr, and y. The 
construction via the alternating automaton has the advantage that starting 
from this automaton one can solve both, model checking and satisfiability, 
the latter by using a translation from alternating Biichi tree automata into 
nondeterministic tree automata. We present such a translation in Section 6. 

The translation from CTL into very weak alternating automata has an- 
other interesting feature. Just as the translation from LTL to weak alter- 
nating automata, it has a converse. More precisely, following the lines of 
the proof of Theorem 4.9, one can prove: 


Theorem 5.11. Every very weak alternating tree automaton is equivalent 
to a CTL formula. Q.E.D. 


5.4 Notes 


The two specification logics that we have dealt with, LTL and CTL, can 
easily be combined into a single specification logic. This led Emerson and 
Halpern to introduce CTL* in 1986 [38]. 

An automata-theoretic proof of Corollary 5.7 was given first by Vardi 
and Wolper in 1986 [125]. Kupferman, Vardi, and Wolper, when proposing 
an automata-theoretic approach to CTL model checking in [71], also showed 
how other model checking problems can be solved following the automata- 
theoretic paradigm. One of their results is that CTL model checking can 
be solved in space polylogarithmic in the size of the transition system. 
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6 Modal p-calculus 


The logics that have been discussed thus far—S1S, $25, LTL, and CTL— 
could be termed declarative in the sense that they are used to describe 
properties of sequences, trees, or transition systems rather than to specify 
how it can be determined whether such properties hold. This is different for 
the logic we discuss in this section, the modal -calculus (MC), introduced 
by Kozen in 1983 [66]. This calculus has a rich and deep mathematical 
and algorithmic theory, which has been developed over more than 20 years. 
Fundamental work on it has been carried out by Emerson, Streett, and Jutla 
(114, 40], Walukiewicz [129], Bradfield and Lenzi [79, 11], and others, and it 
has been treated extensively in books, for instance, by Arnold and Niwiński 
[6] and Stirling [110]. In this section, we study satisfiability (and model 
checking) for MC from an automata-theoretic perspective. Given that MC 
is much more complex than LTL or CTL, our exposition is less detailed, 
but gives a good impression of how the automata-theoretic paradigm works 
for MC. 


6.1 MC and monadic second-order logic 


MC is a formal language consisting of expressions which are evaluated in 
transition systems; every closed expression (without free variables) is evalu- 
ated to a set of states. The operations available for composing sets of states 
are boolean operations, local operations, and fixed point operations. 
Formally, the set of MC expressions is the smallest set containing 


e p and —p for any propositional variable p, 

e any fixed-point variable X, 

e p ^y and yV wp if y and y are MC expressions, 

e ()y and []y if y is an MC expression, and 

e uXpand vXọ if X is a fixed-point variable and y an MC expression. 


The operators u and v are viewed as quantifiers in the sense that one says 
they bind the following variable. As usual, an expression without free oc- 
currences of variables is called closed. The set of all variables occurring 
free in an MC expression y is denoted by free(y). An expression is called a 
fixed-point expression if it starts with u or v. 

To define the semantics of MC expressions, let y be an MC expression 
over some finite set P of propositional variables, Y a transition system, 
and a a variable assignment which assigns to every fixed-point variable a 
set of states of .%. The value of y with respect to Z and a, denoted ||y||%, 
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is defined as follows. The fixed-point variables and the propositional vari- 
ables are interpreted according to the variable assignment and the transition 
system: 


loll% = {s€ 9”: pE” (9}, Ill% = {s € 9”: p ¢ 17(s)}, 
and 
IXI = a(X). 
Conjunction and disjunction are translated into union and intersection: 


eA IIS = llell OMNIS, le v OS = lels u llls 


The two local operators, () and [], are translated into graph-theoretic op- 
erations: 


Koll = {s € S: sues” (s) A [lel #2}, 
Hellig = {s € S$: sues” (s) € Ilol}. 


The semantics of the fixed-point operators is based on the observation that 

$ A 1 a[X=sS'] r 
for every expression 9, the function S + |||’ is a monotone func- 
tion on 2° with set inclusion as ordering, where a[X +> S'] denotes the 
variable assignment which coincides with a, except for the value of the vari- 
able X, which is S’. The Knaster—Tarski Theorem then guarantees that 


this function has a least and a greatest fixed point: 


lexa =() {9° E s: =S}, 
Xl =U {S c s: Ilr") = s). 


In the first equation the last equality sign can be replaced by C, while in the 
second equation it can be replaced by 2. The above equations are—contrary 
to what was said at the beginning of this section—declarative rather than 
operational, but this can easily be changed because of the Knaster-Tarski 
Theorem. For a given system Z, a variable assignment a, an MC expres- 
sion y, and a fixed-point variable X, consider the ordinal sequence (S) )\, 
called approximation sequence for ||juXy||%, defined by 


alXres 
al al, Sy = U S), 
A<A! 


So = Ø, Sr41 = llel] 


where A’ stands for a limit ordinal. Because of monotonicity, we have Sọ C 
Sı C.... The definition of the sequence implies that if Sy) = S41 for any À, 
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then Sy = Sy = ||uXy||% for all XA > A. Clearly, we have A < card(S) 
for the smallest such A, which, for finite transition systems, means there is 
a simple (recursive) way to evaluate Xy. The same holds true for vXy, 
where the approximation is from above, that is, Sg = S and the inclusion 
order is reversed. 

For notational convenience, we also use Z,a, s | y to denote s € ||y||% 
for any state s € S. When ọ is a closed MC expression, then the variable 
assignment a is irrelevant for its interpretation, so we omit it and simply 
write ||y||_, or Z,s Fy. 

For examples of useful expressions, recall the CTL formula (1.3) from 
Section 5.1. We can express its subformula EFpg by 


Pinner = HX (pa V ()X), 
so that the full formula can be written as 
VY (Pinner A []Y). 
In a similar fashion, (1.4) can be expressed: 
VY ((=pr V UX (pa V []X)) A IY). 


It is more complicated to express the LTL formula (1.5); it needs a nested 
fixed-point expression with mutually dependent fixed-point variables. We 
first build an expression which denotes all states from which on all paths a 
state is reachable where p is true and which belongs to a set Y: 


Pinner = HX ((p AY) v []X). 


Observe that Y occurs free in faner: The desired expression can then be 
phrased as a greatest fixed point: 


/ 
VY Pinner $ 


It is no coincidence that we are able to express the two CTL formulas in 
MC: 


Proposition 6.1. For every CTL formula ¢ there exists a closed MC ex- 
pression y such that for every transition system Z and s € S, 


S,SEY iff S,SEQ. 


Proof. The proof is a straightforward induction. We describe one case of 
the inductive step. Assume w and x are CTL formulas and w and ¥ are 
MC expressions such that the claim holds. We consider y = E(¢ XU x) and 
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want to construct ~ as desired. We simply express the semantics of y by a 
fixed-point computation: 


$= ()uX(KV (WA ()X)). 
The other cases can be dealt with in the same fashion. Q.E.D. 


The next observation is that as far as satisfiability is concerned, we can 
restrict our considerations to trees, just as with CTL (recall Lemma 5.1). 


Lemma 6.2. For every MC expression y, transition system J, variable 
assignment a, and state s € S, 


F, as Hg iff TIF) a E y. 


(Recall that when we view a tree as a transition system, then we interpret 
formulas in the root of the tree unless stated otherwise.) 


Proof. This can be proved by a straightforward induction on the structure 
of y, using the following inductive claim: 


{ve VA"): S,a,v(*) E p} = llel 


IAP)" 


This simply says that with regard to MC, there is no difference between a 
state s’ in a given transition system Z and every vertex v with v(x) = s 
in the unraveling of Z. Q.E.D. 


Just as with CTL, the lemma allows us to work henceforth in the tree 
framework. For a closed MC expression y with propositional variables from 
a set P = {po,..-,Pn—1}, the tree language defined by y, denoted Y(y), is 
the set of all trees Z over 2? such that Z Ey. 

The next observation is that every MC expression can be translated into 
a monadic second-order formula, similar to Proposition 5.2. Before we can 
state the result, we define an appropriate equivalence relation between SUS 
formulas and MC expressions. Recall that an SUS formula is true or not 
for a given tree, while an MC expression evaluates to a set of vertices. 

Let P = {po,-.--,Pn—1} be a set of propositional variables and y an 
MC expression over P with free fixed-point variables among Xo,..., Xm-1. 
We view the variables Xo,...,Xm_—1 as further propositional variables and 
identify each X; with a set variable V; and each p; with a set variable Vin+;. 
So we can interpret y and every SUS formula | = U(Vo,...,Vim+n—1) in 
trees over [2|min. We say is equivalent to such a formula ~ if 2(y) = 


L(y). 


Proposition 6.3. For every MC expression y, an equivalent SUS formula 
ğ can be constructed. 
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Proof. This can be proved by induction on the structure of y, using a more 
general claim. For every MC expression y as above, we construct an SUS 
formula 6 = (Vo, ..., Vintn—1,2) such that for every tree J over [2] min 
and v € V”, we have: 


TF \v m P iff J, v B (Vo, , Vm+n-1; 2), 


where Z, v = (Vo, ..., Vm+n-1, 2) is defined in the obvious way, see Sec- 
tion 4.1 for a similar definition in the context of LTL. We can then set 
Pp = Ax(Vy(-suc(y, x) A (Vo, . . ., Vm+n-1; £))). 

The interesting cases in the inductive step are the fixed-point operators. 
So let p = Xip and assume dis already given. The formula ¢ simply says 
that z belongs to a fixed point and that every other fixed point is a superset 


of it: 


P= 3Z(zE Z NYZ (W...,Vi-1,Z, Vin, 2) OZ E ZA 
VZ' (Yz (l... Vi, JZ Vig Ze ZED) A ZC). 


For the greatest fixed-point operator, the construction is analogous. Q.E.D. 
As a consequence, we can state: 
Corollary 6.4 (Kozen-Parikh, [67]). MC satisfiability is decidable. 


But, just as with LTL and CTL, by a translation into monadic second- 
order logic we get only a nonelementary upper bound for the complexity. 


6.2 From MC to alternating tree automata 


Our overall objective is to derive a good upper bound for the complexity of 
MC satisfiability. The key is a translation of MC expressions into nondeter- 
ministic tree automata via alternating parity tree automata. We start with 
the translation of MC expressions into alternating parity tree automata. 

Alternating parity tree automata are defined exactly as nondeterminis- 
tic Buchi tree automata are defined in Section 5.3 except that the Butchi 
acceptance condition is replaced by a parity condition 7. 

Just as with LTL and CTL, the translation into alternating automata 
reflects the semantics of the expressions in a direct fashion. The fixed-point 
operators lead to loops, which means that the resulting tree automata will 
no longer be very weak (not even weak). For least fixed points these loops 
may not be traversed infinitely often, while this is necessary for greatest 
fixed points. To control this, priorities are used: Even priorities are used for 
greatest fixed-points, odd priorities for least fixed points. Different priorities 
are used to take into account the nesting of fixed points, the general rule 
being that outer fixed points have smaller priorities, because they are more 
important. 
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For model checking, it will be important to make sure as few different 
priorities as possible are used. That is why a careful definition of alternation 
depth is needed. In the approach by Emerson and Lei [41], one counts the 
number of alternations of least and greatest fixed points on the paths of the 
parse tree of a given expression. Niwiriski’s approach [92] yields a coarser 
hierarchy, which gives better upper bounds for model checking. It requires 
that relevant nested subexpressions are “mutually recursive”. 

Let < denote the relation “is subexpression of”, that is, y < y if y € 
sub(y). Let y be an MC expression. An alternating -chain in ọ of length 
lis a sequence 


p> KXopo > vXiyı > pXebe > +- > w/vX-1YWi-1 (1.6) 


where, for every i < 1—1, the variable X; occurs free in every formula w 
with Y; > Y > Wi4i1. The maximum length of an alternating p-chain in y 
is denoted by m“(y). Symmetrically, v-chains and m” (4) are defined. The 
alternation depth of a p-calculus expression ọ is the maximum of m(y) 
and m” (p) and is denoted by d(y). 

We say an MC expression is in normal form if for every fixed-point 
variable X occurring the following holds: 


e every occurrence of X in y is free or 


e all occurrences of X in y are bound in the same subexpression yX y 
or vXw, which is then denoted by yx. 


Clearly, every MC expression is equivalent to an MC expression in normal 
form. 

The full translation from MC into alternating parity tree automata can 
be found in Figure 27, where the following notation is used. When g is an 
MC expression and uXw € sub(y), then 


falo) +1- 2fda(uXy)/2], if d(y) mod 2 = 0, 
oe) ie ~2ld(uXw)/2|, otherwise. 
Similarly, when vXw € sub(y), then 
_ Jal) —2|dvxy)/2], if d(y) mod 2 = 0, 
daray = E +1—2[d(vXy)/2], otherwise. 


This definition reverses alternation depth so it can be used for defining the 
priorities in the alternating parity automaton for an MC expression. Recall 
that we want to assign priorities such that the higher the alternation depth 
the lower the priority and, at the same time, even priorities go to v-formulas 
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Let y be a closed MC expression in normal form and Q a 
set which contains for every 7 € sub(y) a state [y]. The 
alternating parity tree automaton for y, denoted æ% |p], is 
defined by 


A |p] = (P,Q, 9, 5,7) 


where the transition function is given by 


6([p]) = p, ô([>p]) = 7p, 
ôli v x) = l] v Ix], êl A x}) = [YA Ix], 
êy] = Oly], é([[]¥]) = oly), 
ô([uXy]) = [y], ôl Xy4]) = [y], 
6([X]) = [px], 
and where 
a(l] = dy (4) 


for every fixed-point expression w € sub(y). 


FIGURE 27. From p-calculus to alternating tree automata 


and odd priorities to u-formulas. This is exactly what the above definition 
achieves. 

It is obvious that æ |p] will have d(Y) +1 different priorities in general, 
but from a complexity point of view, these cases are not harmful. To explain 
this, we introduce the notion of index of an alternating tree automaton. 
The transition graph of an alternating tree automaton f is the graph with 
vertex set Q and where (q,q’) is an edge if gq’ occurs in 6(q). The index of 
& is the maximum number of different priorities in the strongly connected 
components of the transition graph of &. Clearly, |p] has index d(y). 


Theorem 6.5 (Emerson-Jutla, [40]). Let y be an MC expression in normal 
form with n subformulas. Then «/|y] is an alternating parity tree automa- 
ton with n states and index d(y) such that Y(a[y]) = L(y). 


To be more precise, |p] may have d(Y) + 1 different priorities, but in 
every strongly connected component of the transition graph of æ |p] there 
are at most d(y) different priorities, see also Theorem 2.21. 
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Proof. The claims about the number of states and the index are obviously 
true. The proof of correctness is more involved than the corresponding 
proofs for LTL and CTL, because the automata which result from the trans- 
lation are, in general, not weak. 

The proof of the claim is by induction on the structure of y. The base 
case is trivial and so are the cases in the inductive step except for the 
cases where fixed-point operators are involved. We consider the case where 
p= Xy. 

So assume y = pXw and J — yw. Let f: 2” — 2” be defined by 
f(V’) = IWI. Let (Vy), be the sequence defined by Vo = Ø, Vayi = 
fV), and Vy = Ux 2, Va for limit ordinals X. We know that f has a 
least fixed point, which is the value of y in J, and that there exists x such 
that V,, is the least fixed-point of f. We show by induction on A that there 
exists an accepting run of &[y] on J |v for every v € Vy. This is trivial 
when A = 0 or when 4 is a limit ordinal. When A is a successor ordinal, say 
A = ào +1, then Vy = f(Vy,). Consider the automaton [i] where X is 
viewed as a propositional variable. By the outer induction hypothesis, there 
exists an accepting run Z of æ [p] on F(X = Vy, ]lv, where F[X = Vj, | 
is the obvious tree over 2°U{*}. We can turn & into a prefix Z’ of a run of 
A |p] on J |v by adding a new root labeled ([y], v) to it. Observe that some 
of the leaves w of Z’ may be labeled (X,v’) with v’ € Vy. For each such 
v’ there exists, by the inner induction hypothesis, an accepting run Zy of 
A |p] on Flv. Replacing w by Zy for every such leaf w yields a run & 
of A% |p] on Flv. We claim this run is accepting. To see this, observe that 
each infinite branch of # is an infinite branch of Z’ or has an infinite path 
of Zy for some v’ as a suffix. In the latter case, the branch is accepting 
for a trivial reason, in the former case, the branch is accepting because the 
priorities in æ |y] differ from the priorities in </[y] by a fixed even number. 
This completes the inductive proof. Since, by assumption, the root of 7 
belongs to V,,, we obtain the desired result. 

For the other direction, assume 7 is accepted by æ |p], say by a run &. 
Let W be the set of all w € VŽ such that y is the first component of 17 (w). 
Observe that because of the definition of the priority function m there can 
only be a finite number of elements from W on each branch of #. This is 
because the priority function 7 is defined in a way such that if y € sub(y) 
is a fixed-point formula with [y] in the strongly connected component of [y] 
in the transition graph of x£ |p], then m([y]) < z([v]). 

Consider the sequence (V,), of subsets of V” defined as follows: 


e Vo = Ø, 


e w € Vy41 if all proper descendants of w in Z belong to Vy U V” \W, 
and 
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e Vy = U,<x Va for every limit ordinal X. 


Using the induction hypothesis, one can prove by induction on A that for 
every w € V) the second component of its label belongs to ||y||.7. 

Since there are only a finite number of elements from W on each branch 
of Vy, one can also show that root(#) € W, which proves the claim. Q.E.D. 


Before we turn to the conversion of alternating into nondeterministic 
parity tree automata, we discuss model checking MC expressions briefly. 
Model checking an MC expression, that is, evaluating it in a finite transition 
system is “trivial” in the sense that one can simply evaluate the expression 
according to its semantics, using approximation for evaluating fixed-point 
operators as explained in Section 6.1. Using the fact that fixed-points of the 
same type can be evaluated in parallel one arrives at an algorithm which is 
linear in the product of the size of the expression and the size of the system, 
but exponential in the depth of the alternation between least and greatest 
fixed points. 

An alternative approach to model checking MC expressions is to proceed 
as with CTL. Given a finite transition system J, an initial state sz € S, 
and an expression y, one first constructs the alternating automaton [yy], 
then the product game |p] xs, F (with a parity condition rather than 
a Biichi condition), and finally solves this game. (Of course, on can also 
directly construct the game.) As a consequence of the previous theorem 
and Theorem 2.21, one obtains: 


Theorem 6.6 (Seidl-Jurdziriski, [107, 62]). An MC expression of size l and 
alternation depth d can be evaluated in a finite transition system with m 
states and n transitions in time O((lm + In(Im)|4/2!)). Q.E.D. 


In fact, there is a close connection between MC model checking and 
solving parity games: The two problems are interreducible, which means 
all the remarks on the complexity of solving parity games at the end of 
Section 2.5 are equally valid for MC model checking. 

The above theorem tells us something about AMC, the set of all MC 
expressions with alternation depth < 1. These expressions can be evalu- 
ated in time linear in the product of the size of the transition system and 
the length of the formula, which was first proved by Cleaveland, Klein, 
and Steffen [29] in general and by Kupferman, Vardi, and Wolper using 
automata-theoretic techniques [71]. This yields a different proof of Theo- 
rem 5.10: The straightforward translation from CTL into the p-calculus, 
see Proposition 6.1, yields alternation-free expressions of linear size. From 
a practical point, it is interesting to note that model checking tools indeed 
use the translation of CTL into AMC, see [84]. 


720 M. Y. Vardi, Th. Wilke 


6.3 From alternating to nondeterministic tree automata 


In view of Theorem 6.5, what we need to solve MC satisfiability is a transla- 
tion of alternating tree automata into nondeterministic tree automata, be- 
cause we already know how to decide emptiness for these automata. To be 
precise, we proved this only for Biichi acceptance conditions, see Figure 24, 
but this extends to parity tree automata in a straightforward manner. 

One way of achieving a translation from alternating into nondeterminis- 
tic automata is to proceed in two steps, where the intermediate result is an 
alternating automaton with very restrictive transition conditions. We say 
a transition condition is in normal form if it is a disjunction of transition 
conditions of the form 


VAN q^ N ca 


qEQ^ qEQE 


The conversion of an ordinary alternating tree automaton into an alter- 
nating tree automaton with transition conditions in normal form is similar to 
removing £-transitions. We describe it here for the case where the transition 
conditions are simpler as in the general case, namely where each subformula 
y or O7 is such that yis a state. Observe that all the transition conditions 
in the construction described in Figure 27 are of this form. At the same 
time, we change the format of the transition function slightly. We say an 
alternating automaton is in normal form if its transition function 6 is of 
the form 6: Q x 2? — TC(P,Q) where 6(q,a) is a transition condition in 
normal form for g € Q and a € 2”. The notion of a run of an alternating 
automaton is adapted appropriately. 

To convert alternating automata into normal form, we start with a cru- 
cial definition. Let be an alternating parity tree automaton, a € 2”, and 
q E Q. We say a tree & labeled with transition conditions is a transition 
tree for q and a if its root is labeled q and every vertex w with label y 
satisfies the following conditions: 


e if y = p, then p € a, and if y = 7p, then p ¢ a, 


e if y = q', then there exists w’ € sucs” (w) such that I7(w’) = 6(q’), 


e if y = Oq or y= Ud’, then w has no successor, 

e if y = yo V 71, then there exists i < 2 and w’ € sucs? (w) such that 
I (w) = Ya 

e if y = y A q1, then for every i < 2 there exists w’ € sucs? (w) such 


that 1? (w) = qi. 
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Let & be an alternating parity tree automaton. The normal- 
ization of & is the alternating parity tree automaton </"°™ 
defined by 


A = (P,Q x T(Q), (qr, j), F, T) 
where 
e j is any element of 7(Q), 
e 7’((q,i)) = i for all q € Q andi € 7(Q), and 


© 5 ((q,i),a) = V ya for q € Q, i € n(Q), and a € 2P, 
with Z ranging over all transition trees for q and a. 


FIGURE 28. Normalizing transition conditions of alternating tree automata 


Further, every infinite branch of # is accepting with respect to 7. 

A transition tree as above can easily be turned into a transition condition 
in normal form over an extended set of states, namely Q = Q x 1(Q). The 
second component is used to remember the minimum priority seen on a path 
of a transition tree, as explained below. Let Q^ be the set of pairs (q’, i) 
such that Od’ is a label of a leaf of Z, say w, and i is the minimum priority 
on the path from the root of Z to w. Similarly, let QE be the set of pairs 
(q’,7) such that Oq’ is a label of a leaf of Z, say w, and i is the minimum 
priority on the path from the root of Æ to w. The transition condition for 
the transition tree Z, denoted yg, is defined by 


ya= A ola N oda. 


(q/,t)EQ* (g'i) EQE 


The entire normalization construction is depicted in Figure 28. 


Lemma 6.7. Let æ be an alternating parity tree automaton with n states 
and k different priorities. Then .#"°™ is an alternating parity tree automa- 
ton in normal form with kn states and k different priorities. Q.E.D. 


The second step in our construction is a conversion of an alternating 
automaton in normal form into a nondeterministic tree automaton, similar 
to the conversion of universal parity tree automata into nondeterministic 
tree automata explained in Section 3.3. Again, we heavily draw on the 
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generic automaton introduced in that section. Recall that given a finite state 
set Q and a priority function 7, the generic automaton is a deterministic 
automaton over 2, the alphabet consisting of all binary relations over Q, 
which accepts a word u € 2” if all v € (u) satisfy the parity condition 7. 

Given an alternating automaton in normal form, a set Q’ C Q, anda 
letter a € 2”, a pair (2’, R) with 2’ C 2 and R € 2 is a choice for Q’ and 
a if for every q € Q’ there exists a disjunct in 6(q) of the form 


A ora N od 


E 
CEQA g'EQE 


such that the following conditions are satisfied: 
G) R={(qq): geQ Ad EQD 
(ii) RC R’ for every R' € 2', 


(iii) for every q E€ Q’ and every q € OF there exists R’ € 2 such that 
(q,q') € R’, and 


(iv) [2| < |Q| x [Q| +1. 


For a set Q’ C Q and a relation R C Q x Q, we write Q’R for the set 
{7 E€ Q: Ja(q E Q'A (g,q') € R}. 

The details of the conversion from alternating parity tree automata in 
normal form into nondeterministic tree automata can be found in Figure 29. 
It is analogous to the construction depicted in Figure 16, which describes 
how a universal parity tree automaton over binary trees can be turned into 
a nondeterministic parity tree automaton. The situation for alternating 
automata is different in the sense that the transition conditions of the form 
Oq' have to be taken care of, too, but this is captured by (iii) in the above 
definition. 


Lemma 6.8. Let & be an alternating parity automaton in normal form 
with n states and k different priorities. Then A”4 is an equivalent nondeter- 
ministic automaton with a number of states exponential in n and a number 
of priorities polynomial in n. 


Proof. The claims about the number of states and number of priorities are 
obvious. The correctness proof can be carried out almost in the same fashion 
as the proof of Lemma 3.10, except for one issue. In order to see that it 
is admissible to merge all branches of a run on a certain branch of a given 
tree into one element of 2”, one has to use Theorem 2.20, the memoryless 
determinacy of parity games. Q.E.D. 
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Let & be an alternating parity tree automaton in normal 
form and Z = &|Q”,n”] the generic automaton for Q7 
and 7” 


The nondeterministic automaton ./"4 is defined by 
of = (27,297 x QF, (aF haf), Asm) 
= n*(q) and 


q)) 
Ri ,64(q, RN)}) € A if there exists a 
Q! and a such that 


where T 


( 
(Q'a), g, 2, { 


(Q 
q, 2, {( 
choice (2, R) for 


2 = {(Q'R, 6” (q, R)): RE 2'}. 


FIGURE 29. From alternating to nondeterministic tree automata 


As a consequence of Theorem 6.5 and Lemmas 6.7 and 6.8, we obtain: 


Corollary 6.9. (Emerson-Streett-Jutla, [40]) Every MC expression can be 
translated into an equivalent nondeterministic parity tree automaton with 
an exponential number of states and a polynomial number of different pri- 
orities. 


In view of Lemma 5.6 and Theorem 2.21, we can also conclude: 


Corollary 6.10 (Emerson-Jutla, [39]). MC satisfiability is complete for 
exponential time. 


For the lower bound, we refer to [39]. We finally note that a converse of 
Corollary 6.9 also holds: 


Theorem 6.11 (Niwiński-Emerson-Jutla-Janin-Walukiewicz, [93, 40, 59]). 
Let P be a finite set of propositional variables. For every alternating parity 
tree automaton and every nondeterministic tree automaton over 2”, there 
exists an equivalent closed MC expression. 


6.4 Notes 

Satisfiability for MC is not only complexity-wise simpler than satisfiabil- 
ity for $28. The proofs for showing decidability of satisfiability for $25 all 
make use of a determinization construction for automata on infinite words. 
The “safraless decision procedures” advocated by Kupferman and Vardi 
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[75] avoid this, but they still use the fact that equivalent deterministic word 
automata of a bounded size exist. 

The nondeterministic tree automaton models for SUS and MC are not 
only similar on the surface: A fundamental result by Janin and Walukiewicz 
[60] states that the bisimulation-invariant tree languages definable in SUS 
are exactly the tree languages definable in MC, where the notion of bisimu- 
lation exactly captures the phenomenon that MC expressions (just as CTL 
formulas) are resistant against duplicating subtrees. 

MC has been extended in various ways with many different objectives. 
With regard to adding to its expressive power while retaining decidability, 
one of the most interesting results is by Gradel and Walukiewicz [53], which 
says that satisfiability is decidable for guarded fixed-point logic. This logic 
can be seen as an extension of the modal ji-calculus insofar as guarded logic 
is considered a natural extension of modal logic, and guarded fixed-point 
logic is an extension of guarded logic just as modal p-calculus is an extension 
of model logic by fixed-point operators. For further extensions, see [78, 127] 
and [68]. Other important work with regard to algorithmic handling of MC 
was carried out by Walukiewicz in [130], where he studies the evaluation of 
MC expressions on pushdown graphs. 
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